Wednesday, January 11, 2012

Still Here, however, this blog will no longer be updated

It has been over a year since the last blog entry, and in light of lack of feedback and inspiration, I've decided to stop updating this blog. However, for archival purposes, I'm leaving the entries up.

We'll be looking at updating the Technology page on our website and using our Facebook page for future technology-related updates. You can find them through Iosco-Arenac District Library.

For those who read, and more importantly commented, thank you.

Technology-wise, we've been hard at work. We now offer Overdrive, allowing patrons to borrow eBooks and Audiobooks using their own Tablet, e-reader, phone or PC; we're phasing out Windows XP in favor of Windows 7 Pro; and this year, we're hoping to upgrade six of our eight locations to fiber.

Friday, October 08, 2010

Feedback on Children Designated Computers

As we add more computers and maintain them, a new question has come up about computers for use by children under 12.

As you may know, our policy for minors on computers is that anyone under 13 must have a signed parental consent form or use a computer that has no Internet access. We maintain a small number of these systems that have software titles geared toward reading and mathematics among other subjects. However, with the phasing out of older computers and the push toward adding more public access computers, the children's computers may be falling by the wayside.

Recently, one branch has asked us to remove their children's computer from the children's area for safety reasons: the computer is near the door, and the branch is worried about children being left unattended.

However, other libraries have different needs and may want computers geared toward children. If so, it would be a good time to update the software they use, and retain some of the reading titles.

The specs for the computers would be:

Dell Optiplex GX270 or newer
Pentium 4 or newer
1GB RAM minimum
DVD/CDRW with DVD playback
17" LCD monitor
Ubuntu with Edubuntu and Wine (for running Windows children titles)

For reduced cost and improved security, as well as the availability of more software at no cost, Ubuntu Long Term Service 10.04 would be used as the operating system instead of Windows. Viruses and malware would be of no concern (for now) and the range of available free software is immense. The software centerpiece would be a suite of educational software collectively known as Edubuntu. Edubuntu is a version of Ubuntu geared toward education. There would still be no Internet access via a web browser, but printing, remote diagnostics and updates would be available.

Another possibility is to include links to children-friendly sites, which is an area that we need to revisit.

We encourage anyone to post their comments or contact us.

Friday, August 06, 2010

Public WiFi Switchover

On Saturday, August 7 at 12-noon, we will no longer be requiring users to log in or create accounts. Since usernames and passwords are no longer needed, there's no need for SSL. All you will see is our revised Acceptable Usage Guidelines. During the switchover, which only requires making a few small changes to each hotspot and the authentication server, there may be a disruption in wireless service.

For your convenience, the revised Guidelines are posted below. They will take effect August 7, 2010 at 12:00 P.M. All existing account data, including e-mail addresses, will be deleted shortly thereafter. Usage statistics, based on the old data, will be generated before the deletion and will not include any personally identifiable information.

NOTE: Registering for an account with a username and password is no longer required.

Please read the following. Clicking “OK” signifies your agreement to our Acceptable Use Guidelines.

Guidelines for Public Wireless Internet Access

Iosco-Arenac District Library has open wireless Hot Spots for patrons that use laptop computers with wireless cards for Internet Access. All patrons using our Hot Spots are subject to the following guidelines. Failure to follow these guidelines will result in loss of access.

Access via a hot spot is to the Internet only. There is no content filtering. Any user that is connected to a Hot Spot at any of our branch libraries is authorized to be connected. Access to our other equipment for any purpose without prior authorization is not permitted.

There is no file sharing, print sharing, or other activity that involves Staff or Public Access Computers.

The patron is responsible for their own equipment. Windows users are strongly urged to have at minimum: A working firewall, Anti-virus protection that is updated daily and Anti-Malware protection that is updated monthly. Microsoft Update should be run at least monthly to ensure security patches are installed. We are not responsible for providing technical support, data loss or equipment failure. Our responsibility is to our own equipment and ends at the wireless Hot Spot.

No technical support is provided beyond help documents and help establishing wireless connections. We reserve the right to deny technical support.

Public wireless is not a guaranteed service; it may go down for any reason. Available bandwidth is throttled to a maximum of 256kbps to protect our mission-critical systems from connectivity loss and resource abuse.

Any abuse or tampering will result in a patron's MAC address being blocked.

Information about WiFi activity is limited to the following:

1. Location of Hot Spot used
2. MAC address (the hardware address of the network adapter used)
3. Time Connected
4. Time Spent Connected
5. Amount of data downloaded and uploaded

The above information is only kept for a period of 6 months and is used only for statistical purposes (Hot Spot performance and troubleshooting) and is not available to the public.

As the hot spot is an open system, no encryption is used. This system is not recommended for users that do banking or other activities that require confidential information, unless the connections themselves use SSL or are through a Virtual Private Network (VPN). The WifiDog server itself receives regular security and software patches and utilizes a firewall and non-standard ports for certain applications.

Branch libraries may restrict wireless access to certain areas of the library. Users should not expect to have access to an outlet for plugging in their computer.

Comments or problems, please e-mail postmaster@ioscoarenaclibrary.org or abuse@ioscoarenaclibrary.org
REVISED July 14, 2010

Note: Yes, if you noticed the revision date, everything related to Public WiFi was ready to go back in mid-July.

So, why August 7?

As noted in previous blog entries, the hotspots shared the same physical network with our computers and printers, which posed a potential security risk if a wireless access point was simply left open without any kind of authentication system. That was one of the reasons why we tolerated the issues with validation e-mails not always getting through (which required us to manually validate a user), and confusion over SSL certificates.

With the prototype Network Box in Oscoda up and running, and the next-to-last Production Network Box being put into service tomorrow morning, security is much less of a concern than before. This is because the Network Boxes act as a barrier between wireless access to the Internet and a library's internal network.

Wednesday, July 14, 2010

Network Box Update

The initial batch of Network Boxes has been prepared and is ready for deployment. We're still waiting on two final boxes to be shipped by the vendor.

Once these boxes are deployed, we will immediately switch to splash-only mode on our Public Wireless system. The requirement for accounts and registration will be eliminated, and statistical information will still be retained. Our instructions and acceptable use policy have been updated to reflect these changes and spell out what statistical data is retained and for how long.

Deploying a box to a branch requires changing the network settings on every computer and network-connected device. This is a time-consuming process. To minimize any service interruption, all deployments will take place after business hours.

The estimated date of the switch is August 30, 2010, but may be sooner.

Wednesday, June 02, 2010

Upcoming Public Wifi Changes

Finally, after a few little snafus (primarily in communication), the hardware for the network boxes has been ordered and is being assembled.

Another change, which is going to take place after all the units are deployed, is that I will be eliminating the registration scheme on our public wifi. While signing up for a wifidog account is free and the system has worked, it has not been perfect. The biggest problem is that the validation e-mails don't always go through, requiring users to contact the office to validate the account or simply to register under something else.

The other problem is that we use SSL to prevent anyone from intercepting user names and passwords. While SSL is terrific, the site certificate we use is not from a Certificate Authority. So, people who get to our login page get a warning and either don't proceed or continue.

Finally, every six months, I have to go into the Database, identify users that aren't validated, and remove them, along with the statistical data collected, which is:

1. Location of Hot Spot used
2. User's name and MAC address (the hardware address of the network adapter used)
3. Time Connected
4. Time Spent Connected
5. Amount of data downloaded and uploaded

Therefore, our current solution is not elegant. Why use it then?

The most important reason is security. The wireless access points (which allow people with laptops to connect to the Internet) are plugged into the same physical network that our computers are on. Therefore, having an open unrestricted access point would be akin to leaving the front door to your house unlocked, with a sign that says "come in" to anyone who can see it. By requiring users to register, if there's an intrusion into our computers, it could give us a potential lead on the perpetrator.

The other reason is that we wanted to know how much use each access point gets. It helps us figure out what resources and improvements in service we need to make.

Since the boxes have a third physical network port that'll allow a direct link to the Internet, the security risk of someone being on the same network as the rest of our equipment is eliminated. So, we're going to do away with user registration and SSL (since there'll be no accounts to hijack) and switch to splash-only mode. Splash-only mode simply redirects you to our WifiDog portal page, shows you our acceptable use policy, and then redirects you to the Internet. We'll still collect statistical information, and likely the same as above, less the username.
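The statistics handling these posts describe (the five fields without the username, reports with no personally identifiable information, rows kept six months) can be sketched as follows. This is an added example, not the library's code or WifiDog's database schema; the row layout, the "Branch B" name, the MAC addresses and the 183-day reading of "6 months" are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumption: "6 months" is approximated as 183 days.
RETENTION = timedelta(days=183)

# Constructed sample rows using the five fields listed in the posts:
# (hot spot, MAC address, time connected, seconds connected, bytes down, bytes up)
# "Branch B" and the MAC addresses are made-up placeholders.
SAMPLE = [
    ("Oscoda", "02:00:00:00:00:01", datetime(2010, 1, 5, 10, 0), 1800, 5_000_000, 400_000),
    ("Oscoda", "02:00:00:00:00:01", datetime(2010, 7, 1, 14, 0), 3600, 9_000_000, 900_000),
    ("Oscoda", "02:00:00:00:00:02", datetime(2010, 7, 2, 9, 30), 600, 1_000_000, 100_000),
    ("Branch B", "02:00:00:00:00:01", datetime(2010, 7, 3, 16, 0), 1200, 2_000_000, 300_000),
]

def hotspot_report(rows):
    """Aggregate per hot spot. MACs are used only in memory to count distinct
    devices; no MAC (or anything derived from one) is written to the report."""
    macs = defaultdict(set)
    totals = defaultdict(lambda: {"sessions": 0, "seconds": 0, "down": 0, "up": 0})
    for spot, mac, _start, seconds, down, up in rows:
        macs[spot].add(mac.lower())
        t = totals[spot]
        t["sessions"] += 1
        t["seconds"] += seconds
        t["down"] += down
        t["up"] += up
    return {spot: {**t, "devices": len(macs[spot])} for spot, t in totals.items()}

def purge_expired(rows, now):
    """Return (rows still inside the retention window, number removed)."""
    kept = [r for r in rows if now - r[2] <= RETENTION]
    return kept, len(rows) - len(kept)

def report_then_purge(rows, now):
    """Generate the statistics first, then delete, so the report covers the
    old data but the per-device rows do not outlive the retention period."""
    report = hotspot_report(rows)
    kept, removed = purge_expired(rows, now)
    return report, kept, removed

if __name__ == "__main__":
    report, kept, removed = report_then_purge(SAMPLE, datetime(2010, 8, 7, 12, 0))
    for spot, stats in sorted(report.items()):
        print(spot, stats)
    print(f"rows kept: {len(kept)}, rows purged: {removed}")
```

The per-hot-spot totals are the only output that needs to be stored long term; the device count is derived before the MAC column is discarded.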

Since I still have to get the software loaded and configured, as well as deploy the boxes, the change to Splash-only mode will likely take place between July 31 and August 30 of 2010. The plan is to deploy all the boxes to all our branches, then do the settings switch.

Wednesday, May 12, 2010

A New Project

This is more of a short news item than a long article. For the past several months, we've been testing a headless server at one of our branches. It has been a success, and we're moving ahead on building another eight (one of which will be a backup and development unit).

These boxes are going to handle localised content filtering and caching, as well as provide a secure data link between a library and headquarters and a more secure firewall. It will also allow us to make more efficient use of our bandwidth.

Currently, we have only one server that handles filtering and caching for seven of the eight libraries. So, for our patrons to get to the Internet, they have to go through our server at headquarters first. When you consider that a couple dozen users go through a single T1 at the same time from off-site, you begin to see how slow and congested it can get.

Our security relies on knowing what software we have, regular software patches, as well as user intervention to spot problems. While we've had few problems, and haven't had any major data loss or outages, the potential for trouble is always going to be there. These network boxes will isolate our internal networks from the Internet, and provide a secure portal for all the data to go through. For our patrons who use wifi, they'll still be able to access the Internet while remaining isolated from our equipment.

We're requesting quotes from vendors right now, and we're hoping to purchase the hardware we need by the end of the week or early next week. The operating system will be Ubuntu 10.04 LTS Lucid Lynx. This is one of their long-term service releases which will have support for five years. I've been using LTS on my own personal server at home and on my laptop and office workstation without issue. Deployment of the boxes will be in early July after hours to avoid any disruption.

What will they look like? Each unit is just a black box with a locking front cover that you won't see or even notice.

Wednesday, April 28, 2010

Surplus Sale

We have started a Surplus Sale for pieces of older computer and electronic equipment. Details can be found here:

Surplus Sale

A few things you should know.

Printers: All the printers we're selling do power on, however, they are being sold as-is. Read the descriptions as not every printer is complete.

Fax Machines: They are untested, and with the exception of the thermal fax, their operating condition is unknown.

Computers: We include the original disks where possible, and you are free to install the operating system of your choice (though, avoid Windows ME like the plague). The graphics cards are either AGP 2/4x or Intel Integrated graphics. They can handle standard definition video playback and handle Internet and office tasks. For gaming, you will want an AGP or PCI graphics adapter with 128MB of RAM or more. As for High Definition video, none of the computers being sold can handle more than 480p, and there would likely be skipped frames and stuttering.

Note about Operating Systems: Linux Mint 8 32-bit is pre-installed on every computer with 256MB of RAM or more. The Gateways have DamnSmallLinux pre-installed. All the computers have Ethernet and Audio, making them ready for Internet use (if you already have Broadband and an Internet router, all you need is a network cable). I chose Linux Mint 8 because there's no need for anti-virus or anti-malware software, everything you need is already there and ready to go (CD Burning, DVD, Flash media, etc), and it's free to use and distribute. We encourage you to at least give it a try first if you plan on reinstalling XP. Computers that have only a CD-ROM drive need only a DVD-ROM drive to play DVDs.

Note about RAM: 1GB of RAM is the recommended standard for running Windows XP and any Linux-based operating system, and 2GB for Windows 7 or Vista (3GB Max for 32-bit operating systems). It's literally a plug-and-play procedure to upgrade the RAM on any PC.

However, the Gateway E4400 and Dell Dimension 8100 use a different type of RAM, called Rambus: PC600 for the Gateway and PC800 for the 8100. Unlike other RAM, you have to install the modules in matched pairs. So, if you want to upgrade 128MB to 256MB and there are only two slots, you need two 128MB RAM modules. Given the cost, 512MB RAM is the maximum you should get for the E4400 given it has two memory slots. With 4 slots on the 8100, you can get four 256MB modules to equal 1GB.