All posts by jbp1@duke.edu

Ad-Blocking … and a Mea Culpa

It’s all but impossible to use the internet and not be aware of the sheer quantity of advertising out there. Some estimates suggest Google alone serves out nearly 30 Billion ads per day; other estimates suggest 300-700 ads are shown per person per day. In trying to get more eyeballs on their images, advertisers have resorted to more and more intrusive ad displays — pop-over ads (so you can’t see content until you close the ad), pop-under ads (so even after you’ve left the site, you’ll see one more ad), animated gifs (the motion naturally causes your eye to look at it), auto-playing (and loud) videos. More recently, ads have even been implicated in malware attacks.

So it’s no surprise that ad-blocking technology is now mainstream. All major browsers have multiple ad-blocker plug-ins, and any list of “Best Add-Ons for <browser>” will likely include at least one. By blocking ads, these plugins reduce the annoyance of the ads while also helping protect your privacy by reducing sites’ ability to track you.

As an additional bonus, they can also accelerate your web browsing — by not downloading all that ad content, you’re able to see the “real” content faster. A New York Times article showed that between 33% and 50% of the time to download a page was due to advertising — and in extreme cases, advertising could be 80% or more of the time to download and view a webpage.

In IT-Core Services, we had intended to deploy an ad-blocker to all of the public computers in order to allow our patrons and users to block ads while they were doing work, collecting papers, or doing research on Library computers.  The plugin is called “uBlock Origin” and is one of the leading open-source ad-blockers around.

But … Oops.

We accidentally pushed it to all public AND staff computers several months ago.

Given the very few number of tickets we’ve seen about it, we’re guessing people either didn’t notice, or else welcomed the arrival of uBlock.  We’re now planning on keeping uBlock deployed on all staff and public computers.  We feel that the privacy, performance, and security benefits of uBlock outweigh the desire for a “ad-full” web experience — and you can easily un-block any websites you want to, if you find that the blocker is somehow interfering with that site.

How to Un-Block a Website:

To unblock the websitethat you’re visiting — that is, to show the ads on the page — look for the uBlock logo (a brick-red shield) at the top of the main browser window.  Clicking that logo will pop up a dialog box like this:By clicking on the power-button symbol (circle with the line at the top), you’ll tell uBlock to NOT block ads on that webpage in the future.  You should then reload the page to get the ad-full experience (by default, un-blocking a website does NOT reload or re-display the ads, you must explicitly reload the page).  Note:  if the uBlock logo is grey, or the power-button icon is grey, then the current website is already un-blocked (and the browser is showing you the ads).

How to Un-Block All/Many Websites:

To unblock a lot of websites at once, you have to go to the uBlock “Dashboard” or settings menu.  Again, click on the uBlock shield logo at the top of the browser window, then look for the 3-sliders icon (immediately below the power-button, to the right of the dialog box).  Clicking that will bring up a new virtual webpage with a variety of settings on it:

Click on the “Filter Lists” tab and you’ll see a set of “Filter” checkboxes.  Each checkbox represents a set of websites that are to be blocked (checked) or unblocked (unchecked).  To unblock all websites — to essentially deactivate uBlock Origin altogether — just uncheck all of the Filter sets.  FWIW, most of the filter-sets have Home icons where you can find more info on what that filter-set does (e.g. “Malware Domains” links to a website at malwaredomains.com, which is run and maintained by the company RiskAnalytics).

If you have any questions, please just submit a ticket and someone will get back to you.

(title image is the “Million Dollar Webpage“, I’ll link you to the Wikipedia page rather than the ad-full page!)


UPDATE – 15 Feb 2019 – uBlock and DUL Newsletters:

While a great many websites will work fine with uBlock Origin installed, it turns out the Library’s own newsletter system does NOT!  If you are experiencing problems with the newsletter, go into the uBlock settings (process described above) and go to the “Filter Lists” tab.  One of the filter-sets at the bottom is named “Peter Lowe’s Ad and tracking server list” — this is the one that seems to catch the iContact server used by our newsletter.  If you disable that (the box will be un-checked), then reload the page, you should be back in operation.  Sorry!

A New(-ish) Look for Public Computing

Photo of library public computing terminals

Over the past year, you’ve probably noticed a change in the public computing environments in Duke University Libraries. Besides new patron-facing hardware, we’ve made even larger changes behind the scenes — the majority of our public computing “computers” have been converted to a Virtual Desktop Infrastructure (VDI).

The physical hardware that you sit down at looks a little different, with larger monitors and no “CPU tower”:

Close-up photo of a public terminal

What isn’t apparent is that these “computers” actually have NO computational power at all! They’re essentially just a remote keyboard and monitor that connects to a VDI-server sitting in a data-center.
Photo of the VDI serverThe end-result is really that you sit down at what looks like a regular computer, and you have an experience that “feels” like a regular computer.  The VDI-terminal and VDI-server work together to make that appear seamless.

All of the same software is installed on the new “computers” — really, virtual desktop connections back to the server — and we’ve purchased a fairly “beefy” VDI-server so that each terminal should feel very responsive and fast.  The goal has been to provide as good an experience on VDI as you would get on “real” computers.

But there are also some great benefits …

Additional Security:
When a patron sits down at a terminal, they are given a new, clean installation of a standard Windows environment. When they’re done with their work, the system will automatically delete that now-unused virtual desktop session, and then create a brand-new one for the next patron. From a security standpoint, this means there is no “leakage” of any credentials from one user to another — passwords, website cookies, access tokens, etc. are all wiped clean when the user logs out.

Reduced Staff Effort:
It also offers some back-end efficiency for the Specialized Computing team. First off, since the VDI-terminal hardware is less complex (it’s not a full computer), the devices themselves have been seen to last 7 to 10 years (vs. 4 years for a standard PC). There have also been reports that they can take quite a beating and remain operational (and while I don’t want to jinx it, there are reports of them being fully submerged in water and, once dried out, being fully functional).

Beyond that, when we need to update the operating system or software, we make the change on one “golden image” and that image is copied to each new virtual desktop session. So despite having 50 or more public computing terminals, we don’t spend 50-times as much effort in maintaining them.

It is worth noting that we can also make these updates transparent to our patrons. After logging in, that VDI session will remain as-is until the person logs out — we will not reboot the system from under them.  Once they logout, the system deletes the old, now-outdated image and replaces it with a new image. There is no downtime for the next user, they just automatically get the new image, and no one’s work gets disrupted by a reboot.

Flexibility:
We can, in fact, define multiple “golden images”, each with a different suite of software on it. And rather than having to individually update each machine or each image, the system understands common packages — if we update the OS, then all images referring to that OS automatically get updated. Again, this leads to a great reduction in staff effort needed to support these more-standardized environments.

We have deployed SAP and Envisionware images on VDI, as well as some more customized images (e.g. Divinity-specific software).  For managers who don’t otherwise have access to SAP, please contact Core Services and we can get you set up to use the VDI-image with SAP installed.

Future Expansion:
We recently upgraded the storage system that is attached to the VDI-server, and with that, we are able to add even more VDI-terminals to our public computing environment. Over the next few months, we’ll be working with stakeholders to identify where those new systems might go.

As the original hardware is nearing it’s end-of-life, we will also be looking at a server upgrade near the end of this year. Of note: the server upgrade should provide an immediate “speed up” to all public computing terminals, without us having to touch any of those 50+ devices.

Shiny New Chrome!

Chrome bumper and grill

In 2008, Google released their free web browser, Chrome.  It’s improved speed and features led to quick adoption by users, and by the middle of 2012, Chrome had become the world’s most popular browser. Recent data puts it at over 55% market share [StatCounter].

As smartphones and tablets took off, Google decided to build an “operating system free” computer based around the Chrome browser – the first official Chromebook launched in mid-2011.  The idea was that since everyone is doing their work on the web anyway (assuming your work==Google Docs), then there wasn’t a need for most users to have a “full” operating system – especially since full operating systems require maintenance patches and security updates.  Their price-point didn’t hurt either – while some models now top-out over $1000, many Chromebooks come in under $300.Acer Chromebook

We purchased one of the cheaper models recently to do some testing and see if it might work for any DUL use-cases.  The specific model was an Acer Chromebook 14, priced at $250.  It has a 14” screen at full HD resolution, a metal body to protect against bumps and bruises, and it promises up to 12 hours of battery life.  Where we’d usually look at CPU and memory specs, these tend to be less important on a Chromebook — you’re basically just surfing the web, so you shouldn’t need a high-end (pricey) CPU nor a lot of memory.  At least that’s the theory.

But what can it do?

Basic websurfing, check!  Google Docs, check!  Mail.duke.edu for work-email, check!  Duke.box.com, check!  LibGuides, LibCal, Basecamp, Jira, Slack, Evernote … check!

LastPass even works to hold all the highly-complex, fully secure passwords that you use on all those sites (you do you complex passwords, don’t you?).

Not surprisingly, if you do a lot of your day-to-day work inside a browser, then a Chromebook can easily handle that.  For a lot of office workers, a Chromebook may very well get the job done – sitting in a meeting, typing notes into Evernote; checking email while you’re waiting for a meeting; popping into Slack to send someone a quick note.  All those work perfectly fine.

What about the non-web stuff I do?

Microsoft Word and Excel, well, kinda sorta.  You can upload them to Google Docs and then access them through the usual Google Docs web interface.  Of course, you can then share them as Google Docs with other people, but to get them back into “real” Microsoft Word requires an extra step.

Aleph, umm, no.  SAP for your budgets, umm, no. Those apps simply won’t run on the ChromeOS.  At least not directly.

Acer ChromebookBut just as many of you currently “remote” into your work computer from home, e.g., you _can_ use a Chromebook to “remote” into other machines, including “virtual” machines that we can set up to run standard Windows applications.  There’s an extra step or two in the process to reserve a remote system and connect to it.  But if you’re in a job where just a small amount of your work needs “real” Windows applications, there still might be some opportunity to leverage Chromebooks as a cheaper alternative to a laptop.

Final Thoughts:

I’m curious to see where (or not) Chromebooks might fit into the DUL technology landscape.  Their price is certainly budget-friendly, and since Google automatically updates and patches them, they could reduce IT staff effort.  But there are clearly issues we need to investigate.  Some of them seem solvable, at least technically.  But it’s not clear that the solution will be usable in day-to-day work.Google Chrome logo

If you’re interested in trying one out, please contact me!