Monday, March 10th, 2014

Welcome Jon

Back in January, we announced that the search was on for a new programmer—one who’d be devoted entirely to LibraryThing.com, and there’s been much excitement. Today, I’m pleased to say that the search has ended!

Everyone, meet Jon Kiparsky (long-time LT member kiparsky), our new developer! Say hi on his profile, or on the “Welcome Jon” talk topic.

Jon was born in Boston and has never lived more than a hundred miles from an ocean. He has a degree in Linguistics from Reed College, and his career has been varied, with past positions including tech writer, music label bigwig, radio personality, and sound tech.

Jon spends his non-programming time playing music (largely Irish session tunes), brewing beer and mead, and studying math, and he’s working very hard on controlling his nearly Tourette-like tendency to spout atrocious puns with little provocation or warning. He also translates fiction from German, Spanish, and Portuguese into English—having learned Portuguese in order to read Jose Saramago stories that hadn’t been released in his native tongue.

Favorite authors include: Iain M. Banks, Douglas Hofstadter, Raymond Smullyan, Steven Brust, and Theodore Sturgeon (but no guarantees that asking again will produce the same list)

Jon’s job at LibraryThing is a big one. He’ll be working with Tim on LibraryThing.com, developing features, fixing bugs and improving performance. We expect great things from him. But it’s going to take him a few weeks to ease into how we do things, so don’t expect everything to get better immediately!

So, who gets $1,000 in books?

Many of you may remember that we offered a bounty of $1,000 worth of books to whoever managed to connect us with our new developer. That lucky individual is Jon’s girlfriend, Nadia, an archivist who saw Tim mention the job on Twitter! Many thanks to you, Nadia, and enjoy your books!

Labels: employees

Tuesday, March 4th, 2014

March Early Reviewers batch is live!

The March 2014 batch of Early Reviewer books is up! We’ve got 109 titles this month, and a grand total of 2,996 copies to give out.

First, make sure to sign up for Early Reviewers. If you’ve already signed up, please check your mailing/email address and make sure they’re correct.

» Then request away!

The list of available books is here:
http://www.librarything.com/er/list

The deadline to request a copy is Monday, March 31st at 6pm Eastern.

Eligibility: Publishers do things country-by-country. This month we have publishers who can send books to the US, Canada, the UK, Israel, Australia, France, Germany, and many others! Make sure to check the flags by each book to see if it can be sent to your country.

Thanks to all the publishers participating this month!

Kregel Publications Tundra Books Bethany House
Taylor Trade Publishing Akashic Books Chronicle Books
Henry Holt and Company Quirk Books Riverhead Books
Putnam Books Kaylie Jones Books Gefen Publishing House
William Morrow JournalStone John Ott
CarTech Books Random House Five Rivers Publishing
De Angelo Moody Development Group, LLC Greyhart Press Conscious World Press
Whimsical Books ZonaBooks Palgrave Macmillan
ArbeitenZeit Media Apex Publications ENVISION BUSINESS & Computer School Publishing
Human Kinetics Crux Publishing Recorded Books
Algonquin Books BookViewCafe Santa Fe Writers Project
McFarland Lion Fiction Thomas Dunne Books
Crown Publishing Viva Editions Bellevue Literary Press
Chin Music Press Berlinica Small Beer Press
Ballantine Books Phaeton Publishing

Labels: early reviewers, LTER

Friday, February 14th, 2014

Staff Favorites: Literary Love Stories

In honor of this most love-ly of holidays, I asked the rest of the staff to help me with a roundup of our favorite love stories in literature.

» Go add your favorites to our list here!

And whatever you’re doing for Valentine’s Day, take some advice from Powell’s and Treat Your Shelf(1) to something nice.

Our Favorites

Benedick & Beatrice from Much Ado About Nothing
KJ says: It’s the Ur-Romantic Comedy for a reason. Two grumps who detest the concept of Romance are manipulated into showing their feelings by their conspiring friends over a weekend wedding.

Bendrix & Sarah from The End of the Affair
Kate says: Is it in bad taste to pinpoint an affair as a prime example of love? Sorry not sorry.

Jamie & Claire from The Outlander Series
Abby says: It’s the story of an English woman in the 1940s who travels through time to 1740s Scotland—the books are historical fiction mixed with time travel, and of course, a great love story.

Daphnis & Chloe, the eponymous duo from the novel by Longus
Tim says: Sweet and unexpected. If you haven’t read an ancient novel, this is the one to start with.

Everyone from A Midsummer Night’s Dream
Matt says: Well, they all end up together at one point or another, really.

Marco & Celia from The Night Circus
Loranne says: A bit of a fairy tale, but very much an affair of the mind between the two characters. The addition of magic (no joke) makes the settings spectacular, too.

Jim & Doyle from At Swim, Two Boys
KJ says: The story of a romance between two boys living in Ireland in 1916, against the background of increasing political strife and the Easter Rebellion. The book is written in a stream-of-consciousness style, and interweaves a beautiful romance with grand tragedy.

Elizabeth Bennet & Fitzwilliam Darcy from Pride and Prejudice
Abby says: You just can’t make this kind of list and leave off Elizabeth Bennet and Mr Darcy.

Florentino & Fermina from Love in the Time of Cholera
Loranne says: This one is right up there with Elizabeth and Darcy for me. The story spans decades, and every time I read it, I feel like I’ve spent that much time with them. In a good way.

Eleanor & Park from Eleanor and Park
Kate says: Duh.

Florizel & Perdita from The Winter’s Tale
Matt says: Such a funny and lovely exchange:
P: O, these I lack,
To make you garlands of, and my sweet friend,
To strew him o’er and o’er!
F: What, like a corpse?
P: No, like a bank for love to lie and play on;
Not like a corpse; or if, not to be buried,
But quick and in mine arms.

Polyphemus & Galatea from Metamorphoses
Tim says: Funny and poignant, and, since it’s Ovid, cleverer than you think.

Gen & Irene from The Queen’s Thief Series
KJ says: The romance in this series triumphs over a lot of politics and personal history which would have otherwise meant they shouldn’t be together. Also, the two of them banter sarcastically for most of the series with moments of simple companionship amid the political chaos around them.

Cecilia & Robbie from Atonement
Abby says: Oh, I weep.

Venus & Adonis from all over the place (but especially this one)
Matt says: In its many variations, particularly Shakespeare’s, and some lesser known Italian poets.

Laurie & Jo from Little Women
Kate says: THAT’S RIGHT. I SAID IT.



Honorable Mentions

Including, but not limited to, Holden Caulfield’s infatuation with himself.


1. For the uninitiated: Treat Yo’ Self from Parks & Recreation

Labels: holiday, lists, love, reading, recommendations

Tuesday, February 11th, 2014

LibraryThing adds SSL

LibraryThing has added SSL encryption to all pages that ask for private data.

That means the data you submit for signing in—signing up, changing your password, changing your email, etc.—is securely encrypted between you and LibraryThing. Depending on your browser, this will show up as a “lock” symbol, or just a change in the LibraryThing URL from http:// to https://.

Is LibraryThing going all-SSL?

We have decided on this as a first step, with the intention of going to all-SSL, or all-SSL for signed-in members only, as soon as practicable.

Going all-SSL is going to require considerable work, sifting through all the non-https URLs to avoid “mixed content” messages. Although these vary in their obtrusiveness browser-by-browser, going all-SSL without extensive testing is likely to lead to a lot more in confusion than it solves in potential problems.
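
The kind of sifting described above can be partly automated. The following is an added example, not LibraryThing's code: it scans the HTML of a page served over https and lists the subresources that would still load over plain http. The page URL, host names and sample markup are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tags whose URL attribute makes the browser fetch a subresource.
URL_ATTR = {"script": "src", "iframe": "src", "embed": "src", "object": "data",
            "link": "href", "img": "src", "audio": "src", "video": "src",
            "source": "src"}
# "Active" content can change the whole page and is the kind browsers block;
# everything else here is "passive" (images, media) and usually only warned about.
ACTIVE_TAGS = {"script", "iframe", "embed", "object", "link"}


class _Finder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attr = URL_ATTR.get(tag)
        if attr is None:
            return                      # e.g. <a href> is navigation, not a subresource
        values = dict(attrs)
        rel = (values.get("rel") or "").lower().split()
        if tag == "link" and "stylesheet" not in rel:
            return                      # rel=canonical and similar are never fetched
        raw = values.get(attr)
        if not raw:
            return
        # Relative and protocol-relative URLs inherit the page's https scheme.
        # A <base href> element is not handled in this example.
        resolved = urljoin(self.page_url, raw.strip())
        if urlsplit(resolved).scheme == "http":
            kind = "active" if tag in ACTIVE_TAGS else "passive"
            self.findings.append((kind, tag, resolved))


def find_mixed_content(page_url, html):
    """Return (kind, tag, url) for each http subresource on an https page."""
    if urlsplit(page_url).scheme != "https":
        return []                       # mixed content only exists on https pages
    finder = _Finder(page_url)
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample page, not taken from any real site.
SAMPLE_URL = "https://www.example.org/signup"
SAMPLE_HTML = """
<html><head>
<link rel="stylesheet" href="http://static.example.org/site.css">
<link rel="canonical" href="http://www.example.org/signup">
<script src="//cdn.example.org/lib.js"></script>
<script src="http://cdn.example.org/widget.js"></script>
</head><body>
<img src="/covers/1.jpg">
<img src="http://covers.example.org/2.jpg" />
<a href="http://www.example.org/about">About</a>
</body></html>
"""

if __name__ == "__main__":
    for kind, tag, url in find_mixed_content(SAMPLE_URL, SAMPLE_HTML):
        print(f"{kind:8} <{tag}> {url}")
```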

As a result of this change, if you previously chose to browse LibraryThing using SSL, ignoring the warnings, you will no longer be able to do so. Rather, if you’re on one of the selected, user-data pages, it now forces you to use https. If you’re not on one of these pages, it forces you to use http.

At present, the solution covers LibraryThing.com and all its subdomains, like dk.LibraryThing.com (Danish), br.LibraryThing.com (Brazilian Portuguese). It is not installed on separate domains, like LibraryThing.de (Germany) and LibraryThing.nl (Holland). We will be weighing our options there, as SSL certificates are expensive.

Come discuss this on Talk, if you like.

Labels: new features, security, servers

Tuesday, February 4th, 2014

Security Notice and LibraryThing Password Reset

As a security precaution, we are requiring ALL members to change their passwords, here: http://www.librarything.com/changepassword.php

A security review and search of our records has determined that LibraryThing suffered a data breach in November of 2011. The breach was narrow. We have found no evidence that any catalog or other book data was accessed, changed or lost. The breach did not include member names, so it is unlikely the hacker(s) were after LibraryThing accounts.

Unfortunately, the hacker(s) did assemble and retrieve two key pieces of data–email addresses and encrypted passwords of members who had listed an email and joined before that date. Our passwords are stored as a one-way encryption (in technical terms, a salted hash). Such hashes are difficult, but not impossible, to break, especially for simple passwords.

Although a minority of accounts were affected, we are requiring all members to change their password to take advantage of increased account security features.

The breach. The hacker(s) gained partial access to our system through a flaw in our WordPress blogging software. Read more in “The Full Details” below.

All evidence points to this being an email-hacking attack. We have every reason to believe no other LibraryThing data was taken, not even user names. The intent was probably to grab the emails for spam, and break the password hashes, if possible. When broken, the passwords could be used against members who used the same password for their email, or email-based services, as they used on LibraryThing. Using the same password across many services is bad practice, but not uncommon. No financial data could have been taken. We do not get or store credit card numbers or any other financial information.

Our response. Security has been tightened significantly since late 2011, and has been further improved across the board since we discovered the event during a security review on January 21st, 2014. We have now moved our WordPress blog off our servers entirely, so a successful hack leads nowhere. Our password and account-recovery systems have been upgraded to meet the highest industry standards, and we have implemented a slate of additional security measures.

Email notices are being sent out to all members with email addresses. You can change your password any time; you don’t need to wait for the email.

Our apology. The hack may come as a shock; it certainly was to us. Although events of this sort–and far worse–have become numbingly frequent, they are failures indeed. I regret and apologize that any such event could happen on my watch, and the rest of the team feels the same way. We are all committed to ensuring that LibraryThing is as secure as possible going forward.

We hope this failure will not sour you on our service or community. LibraryThing members are a dedicated and passionate bunch, and a pleasure and honor to serve. After years of getting by, the company has significant profits to sink back into development of the main site; we will meet this event with renewed dedication and resources. (Please see, and spread, our recent job ad.)

Because the hack undermines a customer relationship, we have chosen to upgrade to “lifetime” accounts all members who joined before November 20th, 2011. We included those who did not have email addresses listed.

Come ask questions and discuss on Talk. You are also welcome to email tim@librarything.com.

Sincerely,

Tim Spalding
Founder and President


The Full Details

What happened:

  • The hacker broke into the system through a flaw in WordPress, the blogging software that we use. This gave them only partial access to the system, but was sufficient to query the user database and save the results.
  • The breach occurred on November 19th, 2011.
  • We have no evidence of further data breaches. They are not impossible. We are confident no similar attacks could have taken place since at least January 2013, when we added some specific security features.
  • We discovered the breach on January 21st, 2014. As it happened so long ago, we believe whatever damage could be done, has already been done.
  • We waited two weeks in order to understand the attack and to implement a new password system and a series of other security steps before going public, and potentially drawing hacker interest.

What was taken:

  • The hacker(s) exported three fields: email address, password hash and the IP address at sign-up. (The IP would not be of much use to them.)
  • Only members with accounts opened before November 20th, 2011, with email addresses, were affected. In total, 685,259 emails were exported.
  • We have no indication that other LibraryThing data was accessed or taken. It is significant that the hacker didn’t even export LibraryThing user ids or user names. They were surely after emails and passwords, not book data.
  • LibraryThing does not receive or store credit card information or any other financial details. If you registered for a paid account via PayPal, PayPal has your credit card information, but they do not send the numbers to us.
  • We have reasonable suspicion that someone has used the data as a list of live email addresses, and sent spam to them. We have no evidence that any password hashes have been broken, or LibraryThing accounts compromised.

How passwords work:

  • Systems like LibraryThing do not store passwords per se. Rather, we store complicated cryptographic transformations, called hashes, which are “salted” for increased security.
  • In theory, you cannot get from the hash to the password. In practice, hackers with powerful computers can break hashed passwords, especially if the underlying password is simple (e.g., “book” rather than “mypencilbreaks71” or “xyA1!oG3g”).
  • Hacked passwords are dangerous when someone uses the same password across multiple online services, so failure at any one service opens up the rest.
  • Members should change their password at LibraryThing and any other service on which they used the same password. Here and elsewhere, members should also choose longer, hard-to-guess passwords. We encourage you to read safe-password advice from Google or Twitter.
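
A sketch of salted password hashing as described above, added here as an example and not LibraryThing's code. The record format, the PBKDF2 work factor and the "legacy" fast-hash scheme are assumptions chosen for illustration; the example also goes one step further than the text and shows how an older record can be recognised and replaced the next time the correct password is presented.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000          # assumed work factor for this example
SALT_BYTES = 16


def hash_password(password: str) -> str:
    """Return 'pbkdf2-sha256$iterations$salt$digest' with a fresh random salt."""
    salt = secrets.token_bytes(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2-sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def make_legacy_record(password: str) -> str:
    """Constructed stand-in for an older scheme: one fast salted SHA-256 pass."""
    salt = secrets.token_bytes(SALT_BYTES)
    digest = hashlib.sha256(salt + password.encode()).digest()
    return f"legacy-sha256${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> tuple:
    """Return (ok, needs_upgrade); needs_upgrade is only ever True when ok is."""
    try:
        scheme, *fields = stored.split("$")
        if scheme == "pbkdf2-sha256":
            iterations, salt_hex, digest_hex = fields
            candidate = hashlib.pbkdf2_hmac(
                "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations))
            outdated = int(iterations) < ITERATIONS
        elif scheme == "legacy-sha256":
            salt_hex, digest_hex = fields
            candidate = hashlib.sha256(
                bytes.fromhex(salt_hex) + password.encode()).digest()
            outdated = True
        else:
            return (False, False)
        # Constant-time comparison, so timing does not leak how many bytes matched.
        ok = hmac.compare_digest(candidate, bytes.fromhex(digest_hex))
    except ValueError:          # wrong field count or non-hex data
        return (False, False)
    return (ok, ok and outdated)


def check_and_upgrade(password: str, stored: str):
    """Return the record to keep on file after a login attempt, or None on failure."""
    ok, needs_upgrade = verify_password(password, stored)
    if not ok:
        return None
    return hash_password(password) if needs_upgrade else stored


if __name__ == "__main__":
    a = hash_password("mypencilbreaks71")
    b = hash_password("mypencilbreaks71")
    # Same password, different salts: the stored records do not match each other,
    # so one precomputed table cannot be reused across accounts.
    print(a != b, verify_password("mypencilbreaks71", a))
```

The salt stops one guess from being tested against every account at once; the iteration count is what makes each individual guess expensive, which matters most for short passwords such as “book”.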

Security improvements:

We can’t go into detail about security improvements. (If we did, we’d be compromising security.) But we can say what you can see:

  • We have moved our WordPress blogs off LibraryThing servers entirely, and onto a separate subdomain, blog.librarything.com. This insulates us from potential WordPress problems.
  • We have upgraded our password system to the highest industry standards. Users who joined in the last week or so, or changed their passwords, are already on the new system. But for simplicity’s sake, we’re requiring everyone to change their password.
  • We have a new system for password resets and changes, including password-strength indicators.
  • Our password recovery system has been changed from one involving sending out a temporary password to one employing quick-expiring tokens.
  • We are now sending out emails whenever a password has been changed. When a member changes their email address, change notices go out to both the new and old email addresses.
  • To discourage spamming of public emails—something that happened recently to some members—we have added an option to show your public email to friends, to signed-in members or everyone. By default, everyone who formerly chose to display their email publicly will now be set to friends-only.
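
One way a recovery flow based on quick-expiring tokens can work, as an added example that is not LibraryThing's code. The 15-minute lifetime, the in-memory store and the class and method names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60   # assumed lifetime; the page gives no figure


class ResetTokenStore:
    """In-memory stand-in for the table a real site would keep in its database."""

    def __init__(self, ttl=TOKEN_TTL_SECONDS, clock=time.time):
        self._ttl = ttl
        self._clock = clock
        self._pending = {}    # user_id -> (sha256 of token, expiry timestamp)

    @staticmethod
    def _digest(token: str) -> bytes:
        # Only a hash is stored, so a leaked table yields no usable tokens.
        # A plain fast hash is enough here because the token is 256 random bits.
        return hashlib.sha256(token.encode()).digest()

    def issue(self, user_id: str) -> str:
        """Create a token to e-mail to the user; replaces any earlier one."""
        token = secrets.token_urlsafe(32)
        self._pending[user_id] = (self._digest(token), self._clock() + self._ttl)
        return token

    def redeem(self, user_id: str, token: str) -> bool:
        """True exactly once for a matching, unexpired token."""
        record = self._pending.get(user_id)
        if record is None:
            return False
        token_hash, expires_at = record
        if self._clock() >= expires_at:
            del self._pending[user_id]          # expired: discard
            return False
        if not hmac.compare_digest(token_hash, self._digest(token)):
            return False
        del self._pending[user_id]              # single use
        return True


if __name__ == "__main__":
    store = ResetTokenStore()
    emailed = store.issue("member-1")           # constructed user id
    print(store.redeem("member-1", emailed))    # first use succeeds
    print(store.redeem("member-1", emailed))    # replay is rejected
```

Unlike an e-mailed temporary password, the token never becomes a login credential: it only authorises one password change, and an old message found later in a mailbox is worthless.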

Free accounts:

  • All members with accounts opened before November 20th, 2011 have been upgraded to lifetime accounts.

Labels: security, sysadmin, systems administration

Tuesday, February 4th, 2014

February Early Reviewers batch is live!

The February 2014 batch of Early Reviewer books is up! We’ve got 106 books this month, and a grand total of 3,480 copies to give out.

First, make sure to sign up for Early Reviewers. If you’ve already signed up, please check your mailing/email address and make sure they’re correct.

» Then request away!

The list of available books is here:
http://www.librarything.com/er/list

The deadline to request a copy is Monday, February 24th at 6PM EST.

Eligibility: Publishers do things country-by-country. This month we have publishers who can send books to the US, Canada, the UK, Israel, Australia, France, Germany, and many more! Make sure to check the flags by each book to see if it can be sent to your country.

Thanks to all the publishers participating this month!

Bethany House Henry Holt and Company Kregel Publications
Tundra Books Riverhead Books Bluffer’s Guides
Taylor Trade Publishing Akashic Books JournalStone
Galaxy Audio Candlewick Press Chronicle Books
Cleis Press Random House Ballantine Books
Human Kinetics Plume CarTech Books
Live Out Loud Publishing Quirk Books Divine Design
St. Martin’s Press Eerdmans Books for Young Readers Prufrock Press
Crown Publishing In Fact Books John Ott
Apex Publications Medallion Press Crux Publishing
Five Rivers Publishing Recorded Books Georgetown University Press
Avery Gotham Books BookViewCafe
Crossed Genres Publications Palgrave Macmillan Demos Health
The Permanent Press Minotaur Books Altaire Productions&Publications
Free Store Books Open Books Algonquin Books
Bantam Dell Phaeton Publishing ENVISION School Publishing

Labels: early reviewers, LTER

Tuesday, January 28th, 2014

Find LibraryThing a Programmer, win $1,000 in books.

LibraryThing is growing. We’ve long devoted a sizable hunk of our resources to our products for traditional libraries (LibraryThing for Libraries). That business is growing fast, as more and more libraries are discovering the value of our tools.

So it’s time to reap the benefits, and fund LibraryThing.com development.

And we need your help to get the word out.

We need to find a kick-ass PHP programmer, so we’re offering $1,000 worth of books to the person who finds them. Think of it. $1,000 in books. What would you buy? Everything.

Rules! You get a $1,000 gift certificate to the local, chain or online bookseller of your choice.

To qualify, you need to connect us to someone. Either you introduce them to us—and they follow up by applying themselves—or they mention your name in their email (“So-and-so told me about this”). You can recommend yourself, but if you found out about it from someone else, we hope you’ll do the right thing and make them the beneficiary.

Small print: Our decision is final, incontestable, irreversible and completely dictatorial. It only applies when an employee is hired full-time, not part-time, contract or for a trial period. If we don’t hire someone for the job, we don’t pay. The contact must happen in the next month. If we’ve already been in touch with the candidate, it doesn’t count. Void where prohibited. You pay taxes, and the insidious hidden tax of shelving. Employees and their families are eligible to win, provided they aren’t work contacts. Tim is not.

Here’s the job post:


What we want: LibraryThing is looking for a kick-ass programmer (coder, hacker, engineer, etc.) to join the team, working mostly on LibraryThing.com.

Basics:

  • You can be anywhere. LibraryThing is headquartered in Portland, Maine, but most technology employees are remote.
  • If you’re not local, we’d expect you to visit the office for team meetings from time to time.

Tangibles:

  • Necessary. LibraryThing is made with non-OO PHP. You should be a sure-footed, experienced, secure and rapid PHP coder.
  • Core. JavaScript (with JQuery, Prototype), CSS, MySQL.
  • Bonus. Mobile development (native or not), Python, Solr, book- and library technologies, systems skills, design or UX chops.

Take the Quiz:

Want to work for us? We have a simple quiz, developed back in 2011. If you can do it in under five minutes, you should apply for the job!

» The LibraryThing Programming Test

Do it in your best language the first time. If you also want to do it in PHP, we won’t object.

Intangibles:

  • Creativity, diligence, optimism, and outspokenness are favored.
  • We like to hire people who care about books, and believe in an open and humane vision of the future of reading.
  • We like LibraryThing members, and people who should be LibraryThing members. Be sure to check out What Makes LibraryThing LibraryThing?
  • Working on LibraryThing.com means understanding and working with its members. Staff and members develop and refine ideas together. LibraryThing is for those members, and most of what makes LibraryThing great is created by members, so—in a way—you are their servant. That can be great, and it can (occasionally) suck. You need to want that dynamic.
  • Working on LibraryThing.com means working with Tim. A lot. Don’t worry, he’s really very nice.
  • LibraryThing is an informal, high-pressure and high-energy environment. This puts a premium on speed and reliability, communication and responsibility.
  • Working remotely gives you freedom, but also requires discipline and internal motivation.

Compensation:

Salary plus gold-plated health and dental insurance. We find the best programmers keep regular hours, but we are both understanding and flexible.

Other:

  • We are not looking for part-timers.
  • We are not looking for companies.
  • We do not discriminate on any irrational basis, such as age, race, sex or religion, but you should probably use a Mac.

How to Apply:

Send an email and resume to jobs@librarything.com.

Skip the cover letter, and go through the blog post in your email, responding to the tangibles and intangibles bullet-by-bullet.

Also include your solution to the quiz, and how long it took you. Anything under five minutes is fine. If it takes you longer than five minutes, we won’t know. But if you make it to interviews, they’ll involve some live coding of this sort, and will be painful for you.

Labels: jobs

Friday, January 10th, 2014

The February and March Group Read Winners Are…

Last week the staff here at LibraryThing came up with a list of candidates for our next two One LibraryThing, One Book selections, and put them up for a vote. The results are in!

February

The Picture of Dorian Gray

Dracula and Frankenstein were pretty neck-and-neck (ha!), but Oscar Wilde’s only published novel won with an impressive lead. Dublin City Public Libraries tackled this one as a One City, One Book read a few years ago, too.

Official discussion will begin on February 10th at 12pm Eastern. Thinking about joining us for this read? Introduce yourself, or look for the threads labeled “Dorian Gray,” over on the One LibraryThing, One Book group.

For now, staff will be creating new threads, but feel free to start your own come February 10! You might also want to make use of our new Spoiler feature, if you’d rather not ruin the plot for others.

March

American Gods

In another landslide victory, Neil Gaiman’s meandering journey through deities from pantheons the world over beat out The Poisonwood Bible and, the 18th most-added book on LibraryThing for December, Where’d You Go, Bernadette.

Official discussion for American Gods will begin on March 10th at 12pm Eastern, but feel free to get started early! If you’d like to join us for this read, introduce yourself to the group, and look for threads labeled “American Gods” on the One LibraryThing, One Book group page.

As above, staff will be handling creating new threads for American Gods until official discussion begins on March 10. Prior to that date, please use Spoiler tags liberally! After that point, all group members are free to start new threads.

More?

I hope you’ll join us for one—if not both—of these reads! If you have any general One LibraryThing, One Book questions or feedback, those are always welcome in this thread.

Labels: One LibraryThing One Book

Friday, January 10th, 2014

New Feature: Spoiler Alert!

To accompany the next few rounds of One LibraryThing, One Book, we’ve rolled out another nifty feature that’s been requested for quite some time now: a spoiler tag. Use it throughout OLOB discussion, and anywhere you deem necessary on LibraryThing.

How does it work?

All you have to do is enclose the spoiler-y text in a “spoiler” tag, like so:

“And the real murderer was actually <spoiler>you</spoiler> all along!”

Your result will look like this:

“And the real murderer was actually you all along!”

If you’re desperate to share what happened at the end of a good book, but don’t want to give too much away, just wrap the sensitive lines in a spoiler tag. You’ll avoid unintentionally ruining someone’s read-through (and if they do actually click on it, well, they’ve had fair warning).

Questions? Comments?

Let us know over on Talk.

Labels: features, new features

Tuesday, January 7th, 2014

January Early Reviewers Batch is Live!

Our very first batch of Early Reviewer books for 2014 is up! We’ve got 87 titles this month, and a grand total of 2,890 copies to give out.

First, make sure to sign up for Early Reviewers. If you’ve already signed up, please check your mailing and/or email address and make sure it’s correct.

» Then request away!

The deadline to request a copy is Monday, January 27th at 6PM Eastern.

Eligibility: Publishers do things country-by-country. This month we have publishers who can send books to the US, Canada, the UK, Israel, Australia, France, and many more! Make sure to check the flags by each book to see if it can be sent to your country.

Thanks to all the publishers participating this month!

Tundra Books Henry Holt and Company Ashland Creek Press
Indie Streets Pets Unchained JournalStone
Bethany House Putnam Books Riverhead Books
21 Pages Prospect Park Books Bards and Sages Publishing
John Ott Quirk Books Bluffer’s Guides
William Morrow Demos Health Orca Book Publishers
Blacksmith Books Taylor Trade Publishing Muskrat Press, LLC
Crown Publishing Gotham Books Akashic Books
Apex Publications Penguin Young Readers Group Fantastic Books
Ballantine Books Recorded Books Palgrave Macmillan
Bantam Dell CarTech Books HotCore Yoga Press
Eerdmans Books for Young Readers BookViewCafe PublicAffairs
Rocky Pines Press Zonderkidz The Permanent Press
Blue Mongoose Publishing Random House

Labels: early reviewers, LTER