Don’t be a drone, use a drone

If your college library is anything like my local college library, they hand deliver physical materials requested by faculty. I repeat, to faculty, not to students. It is not a frequently used service but for some busy researchers or physically disabled researchers on campus, it is a tremendously useful service to provide the hand delivering of books and articles. The question isn’t why are they providing this service, but how. Why do college libraries continue to physically deliver books when there are faster and more autonomous delivery methods? Why aren’t libraries exploring other methods to get books to our busy patrons instead of requiring them or a busy librarian to trek across campus to facilitate access to a book?

To answer these questions let’s digress. In recent news, there were many advancements in transportation, the biggest relates to autonomy. If you took your nose out of that book for a few minutes, you may have seen the Top Gear episode where the lumbering Jeremy Clarkson tested an autonomous BMW…at full speed…on a race track.

This raises a few interesting questions for physical information delivery. These dots are far apart, please allow me to connect them for you. If Top Gear and Amazon are exploring autonomous transportation via cars or book delivery drones, there is no reason why libraries should not be exploring the use of book delivery drones.

It may seem incredibly far fetched for universities to implement drone book deliveries, but let us count the ways college libraries might save money. For one faculty book delivery what is the cost to a university? First there is the acqusition. Universities often provide a golf cart for library book deliveries. For a golf cart, your library would spend $2500 for a used cart, or $7500 for a new one. You’ll be delivering books in the cold, so you will need a golf cart cover to protect you, that’s another $200 bucks.

Next there is the training. You don’t want staff driving a golf cart irresponsibly, this requires driver training courses to lower your insurance risk. Let us arbitrarily assume the golf cart driving course is an hour in length. During this hour, surely the librarian is on the clock. The ALA median MLS salary is $53,000. Let’s assume the golf cart-driving librarian is an entry level staff with a salary at $42,000, putting his hourly wage around $23. Not factoring in the long term costs of delivering articles to faculty on campus, the initial start-up cost for the service is: $4000 (golf cart)+$200 (cart cover)+$23 (an hour of training) = $4223.

Putting all other reasonable drone implementation questions aside, what does the average book delivery drone cost? If you want a duel purpose drone, you can buy a military grade UAV for only $2600. It appears the choice is obvious, your library should buy a drone. Book delivery drones will be used by libraries. The question is how soon will your library be the bomb?

This article was originally published in February 2014 at Berrypicked.com and has been re-posted here for self-archiving purposes.

Library Phishing Disaster Plan

If you work for any library, big or small, more often than not your library email account will be used by a hacker in a phishing attempt. If unfamiliar you may be asking, what is phishing? Chances are you probably have already opened another browser tab and googled “phishing” and you have now returned to this tab to pick up where you left off. For those who aren’t information go-getters, please allow me to explain a few things about phishing followed by reasons why librarians as information professionals should always be on the look out for phishing attempts even if you don’t work in library IT.

Phishing is a complicated piece of hacking an organization through social engineering. Lucky for you, I am not a computer engineer, so my explanations will be simple by default. Hackers have multiple methods to hack an organization. As analogous to thieves, hackers can break your car window, which will be loud and draw attention. This method will get the job done, but you have to see what you want to take in the car and be quick; you must know what you want from a library system by hacking in such an obvious function. The other method of breaking into a car is less obvious and requires more finesse. If you want to break into a car, I assume you could try to pick the pocket of the owner. The digital equivalent of pick-pocketing a website might be impersonating a library employee’s email address and emailing multiple patrons requesting a patron reset his or her password on what appears to be a library website. However the library website is a copy with a different but similar URL. If successful, a hacker might get a few dozen patrons to compromise their library login credentials.

The risk for this attack is different depending on what type of library you work for. If you work for a public library, your risk is smaller. Patron login credentials might be generic or include only their name and a library card number. But if your library is a college or a library connected to a business where patron login credentials might be connected to other payment systems, hackers through phishing could gain access to a tremendous amount of patrons’ financial information.

How much of a problem is phishing? Sadly phishing is only getting worse. From 2012-2013 phishing as a resource for hackers has seen an increase of 87%. Now having cautioned you at great length, what can you as a librarian do about phishing?

Nothing. However that isn’t entirely correct. If someone wishes to phish at your library for patron data, they could hack into your email, but that will raise security flags; its too obvious. Or they can copy your email address through a complicated method called email spoofing. Email spoofing is impossible to protect against. It doesn’t require accessing the owner’s email but instead forges the email address and the email owner’s signature. As a result no amount of digital security will protect your organization against email spoofing combined with phishing. No amount of secure password policies will protect against a hacker sending an email disguised as a library staff person to your patrons.

Hopefully your email service is good enough that your email vendor will flag the emails as spam. But hackers are constantly creating phishing email templates with specific details and email signatures to work around spam filters.

Even though email spoof phishing is impossible to protect against, through proper library staff training and quick reactions, librarians can work with their library or university IT administrators to resolve phishing attempts in a timely manner. Like any natural disaster, your staff need preparation. They need to have library phishing manuals with specific instructions for what to do if librarians are involved with a phishing attempt. Also your communications librarian may need to be involved to manage your library’s image as they control the damage. If your library reacts quickly and transparently, you may be able to show how well your library cares about the safety of its patrons’ data. And if we’ve learned anything in our increasingly digital lives, trust is a very important tool. If your organization loses that tool, patrons may not want to continue using your library.

Following a phishing attempt at your library, here are a few (obvious) tips you might follow:

1. Inform your university or library’s IT administrator. If you work for a larger company or university, you should have an IT Risk Management Officer.

2. If there is a malicious copy of your library website with a similar URL being hosted on a domain, contact or have your IT admin contact the domain registrar and demand they take down the offending website which is involved in the phishing. (This will stop more patrons from clicking the link and providing their login credentials) Normally domain registrars will comply under threat of legal action.

3. Inform public service-related library staff of the phishing attempt so they may assist in collecting information.

4. Find out what patrons received phishing emails to make sure those patrons are completely aware of their accounts being compromised.

5. Reset the login credentials for patrons who may have compromised their accounts.

Here are some colleges which have compiled databases of phishing emails with some important phishing information.

http://its.virginia.edu/secalerts/

http://www.utdallas.edu/infosecurity/Phishing.html

http://safecomputing.umich.edu/main/phishing_alerts/

This article was originally posted on Berrypicked.com and has been reposted here for self-archiving purposes.

CRISIS IN SCHOLARLY PUBLISHING

You might not have heard, but there is a crisis in scholarly publishing. Reacting to multiple consumer demands, scholarly publishers have attempted to both lower the costs of publishing research and provide greater access to research by moving to open access business models. This new(ish) business model has shifted the financial responsibility from consumers (or libraries) to producers (professors/researchers). These eager-for-publication professors are now required to often pay large sums of money to get their research in OA publications.

Most of these new open access publishers provide wonderful scholarly services, the remaining few aren’t so wonderful. Now that producers of scholarly content pay to have their research made public, open access (OA) scholarly publishers have a strong incentive to publish as much as possible, often at the sacrifice of the peer review process. To make matters worse, some dubious individuals are starting their own OA publications promising to publish peer-reviewed articles, but are nothing more than a scam.

If you have research or a conference proposal, be careful who you send it to. Do your research first before submitting for publication. Be sure to check your list of your hopeful OA publishers with a librarian to make sure they are reputable. Or you can look to see if they are on a list of dubious OA publishers by visiting the link below. And of course, be sure to check back here at the UD libraries’ blog for more details about OA publishing news. http://scholarlyoa.com/publishers

This post was originally published 6/5/2013 at my university libraries’ blog. It has been reposted here for self archiving purposes.

Library Tech Journals


I recently did an informal twitter survey of my fellow techie librarians, asking what journals they read. Below is the bounty of scholarship they shared. Thanks to everyone who responded.

http://www.lib.jmu.edu/org/jwl/

http://journal.code4lib.org

http://www.emeraldinsight.com/journals.htm?issn=0737-8831

http://onlinelibrary.wiley.com/journal/10.1002/(ISSN)1532-2890

http://ejournals.bc.edu/ojs/index.php/ital/issue/current

http://muse.jhu.edu/journals/pla/

http://firstmonday.org/index

http://crl.acrl.org/

http://www.americanlibrariesmagazine.org/

http://www.journals.elsevier.com/the-journal-of-academic-librarianship/

http://www.journals.uchicago.edu/toc/lq/current

http://www.springer.com/computer/database+management+%26+information+retrieval/journal/10791

http://www.journals.elsevier.com/information-sciences/

http://jis.sagepub.com/

http://onlinelibrary.wiley.com/journal/10.1111/%28ISSN%291365-2575

http://www.emeraldinsight.com/journals.htm?issn=0305-5728

http://www.americanlibrariesmagazine.org/rss.xml

http://www.tandfonline.com/toc/wjlm20/current#.Ul_es_lwrTo

http://www.tandfonline.com/toc/racl20/current#.Ul_cm_lwrTo

http://www.tandfonline.com/toc/wtsq20/current#.Ul_fH_lwrTo

http://www.sciencedirect.com/science/journal/00043702

Pandora: part 3

One new aspect we will explore which Pandora does not work well with, is that tempo plays a large parts in the overall feel of a song. For instance when I put into Pandora that I want to listen to one type of musician that is most known for slow songs, when I get a fast song it is very jarring. All of these analyses of Pandora are based on a criticism of the lack of depth in the algorithm that Pandora uses to find music, discover and serve music based on what users want. And of course what users want is based on the desired station or track that they create.

Let us explore for a moment what I mean when I mentioned that Pandora does not attempt to use tempo as an indicator of desired music in their algorithm. If a user selects a band, for example, the band iron and wine, what users are saying is that at that moment they want to listen to music that has a very distinct set of characteristics. If I was a musicologist, I would describe Iron and Wine as having primarily steel string guitar, slower tempo and sort of a folksy style of performing, among other qualities. And as a result when I, as a user, create a station for the band Iron and Wine, Pandora’s job is to serve to me as a user music that is very similar in style, or in the same genre. To do this Pandora creates algorithms that search metadata, or data they create to describe bands, to find music that is similar to Iron and Wine. Normally the algorithm works very well in style or genre. But what I have noticed is that when serving up similar types of music, tempo is not included in their descriptions or their metadata. To the non musician, not using tempo as an indicator of musical similarity is not a problem. But for a musician it is incredibly jarring to be listening to one type of slow music, and then all of a sudden be jerked forward by similar types of music that have much faster tempos. As a result Pandora would be a tremendously better search engine if it included in its metadata about the individual bands, the tempo of the individual music tracks. This would allow Pandora to serve only music with a similar tempo to the station created by the user.