Tuesday, April 29, 2008

Fight SPAM with reCaptcha

We’re having trouble with SPAM here at the Missoula Public Library. Four times in the past week, on four different accounts, the user gets a lot of SPAM. This will last for hours. Then it stops.

Our accounts generally get a few to a few dozen SPAM emails over the course of a day. But these episodes will bring in hundreds of messages over a period of minutes to hours. So it is a pretty noticeable effect when it happens.

We have three layers of SPAM and virus protection at MPL. You may think that Jim wears suspenders, a belt, and hangs on to his pants as well, and maybe I do sometimes, but layered protection is one of the main tenets of computer security. We have a layer of protection at our ISP, there is a layer at our perimeter (the router), and another at our mail server. Still we see this SPAM.

We are in a period that is seeing a lot of new exploits being tried out. Have a look at http://isc.sans.org/diary.html?storyid=4343 for an interesting analysis of one’s person’s SPAM.

We’re not actually getting so much SPAM itself as the failed detritus of attempted mailings. We are getting a lot of “Undeliverable” messages. It works like this. This spammer has a list of millions of email addresses. Some of them are valid, some are not. He sends a mortgage refinancing email to all the millions of addresses. He is careful to set the sender address of all these emails to some valid address, because email servers are getting clever enough to verify that the return address must be valid or they won’t accept the email.

So what valid sender email address does he put in the SPAM he sends out. In some of them he is putting our main library contact address. So when the SPAM gets to an email server and the server says there is no such user at that address, the mail server automatically sends out an “undeliverable” message. And that comes back to us here at MPL.

How do they get our email addresses? There are robots that roam websites looking for email addresses and collecting them. Have you looked at our website lately? We have email addresses all over it; contact addresses, staff addresses, board members, etc. That’s only one way these robots collect addresses. They also get them from listservs, signatures, and more.

Contrary to my inclination, we have had addresses on our website for a long time, but now we have a good alternative. Ben Miller is our webmaster and a bright color in the box here at MPL. He is in the process of doing good in the world and protecting our email addresses at the same time. Before you can see one of our email addresses you have to identify a word. The words that are presented are part of a digitization project.

Take a look at recaptcha.net and think about what you can do to protect your addresses and help digitize hard to read texts. See how it is working for us by going to http://www.missoulapubliclibrary.org/contact.htm. Try clicking on “Ben Miller” to see how the process works.

Monday, April 28, 2008

initial thoughts on kindle

Okay, so I broke down and bought a Kindle. The deciding factors proved to be that they had finally caught up to demand so I could have it in hand within a week of ordering, and I'm starting my spring/summer travels so I would actually be in locales where I could try out the wireless capabilities.

I like the fact that I could pretty much figure out how to use it right out of the box. I'm one of those people who never reads instructions. As one of my tech gurus put it, having to resort to reading instructions amounts to a product design flaw.

Ordering and transferring books and periodicals is a bit clunky without the wireless function. You have to
  1. get on your computer
  2. go to Amazon's internet site
  3. find the item
  4. purchase it
  5. open up the Amazon library
  6. download the item to your computer
  7. open up Windows Explorer
  8. attach your Kindle to your computer via USB port
  9. copy and paste to your Kindle document folder
The location of the document folder turns out to be a key factor. Not having read the instructions, I got as far as copying to the Kindle but couldn't figure out why it couldn't find my book. Instructions and/or Amazon support staff are very helpful.

I also had some problems with a couple of Kindle periodicals I subscribed to. Their status was listed as pending for two days. I contacted Amazon's support staff and they "reactivated" the subscriptions. Once they were active, I could download and transfer using the steps above. While it seems workable for books and monthly, or possibly even weekly periodicals, I don't think I'm going to be subscribing to any newspapers in the near future.

One of the interesting pluses I've discovered is that the Kindle works with Audible.com audiobooks. I already had a couple on my computer so I was able to copy one to my Kindle using Windows media player. One of the downsides of the Kindle is that it only has 185 MB of available memory built in. While this is probably quite adequate for book reading (I was surprised to find that the first book I ordered was only 227K in size), it's going to fill up quickly if you want to listen to audiobooks and/or MP3s on it. But you can add a memory card which will be one of my next purchases. Anyway, I did load one 16 hour audiobook on it, at a Audible 3 quality level. The Kindle has a small speaker and a headphone jack. The audiobook controls on the Kindle are really nice. But then this is a very expensive audiobook reader! Still it's a nice feature. It does not, however, work with Overdrive.

It comes with a dictionary so you can look up words while you're reading. You can also add notes and clip and bookmark sections. There are also a number of wireless features that I have yet to try out, including wireless access to the Kindle store. I suspect that the absence of that feature will save me money in the long run. I also still have to try out converting and transferring other documents.

I'd rate the readability and usability right out of the box as good. I like the fact that you can easily increase or decrease text size. This becomes increasingly important to aging eyes. I brought my Kindle along to Walker's last night and passed it around to a table of friends. They were all fairly tech savvy and picked up how to navigate and use it pretty quickly. It was readable even in jazz night lighting. One appeal is the green aspect of fewer magazines and newspapers in land fills. They were impressed but thought it too pricey at $399. They might be interested at about half that price.

Overall, I'm pleased with the Kindle thus far. I wouldn't recommend it for purchase in Montana until wireless is available in the state. That seems to be what really makes it work. For those of us outside Sprint's wireless network, it's like we're being sold a car without wheels. Yeah, it's all great but it doesn't go anywhere. For the foreseeable future, it will always be slightly broken. Nor do I have any immediate notion of how or whether Kindle will be useful in libraries. IMO, it's too expensive to purchase and check out. And it remains to be seen what this access vs. ownership model of books will mean for libraries. But one could argue that we've already moved in this direction for periodicals. And it is another significant move toward instant electronic availability at a time when Montana libraries are still struggling with how to move large quantities of books across the state. Sometimes it seems like I'm caught living simultaneously in two different eras.

Friday, April 18, 2008

twitter and pownce

I finally gave in and signed up with Twitter. I have to say up front that I've had some mixed feelings about it. There is something at least slightly creepy about signing up to follow and be followed. I can't help but translate into stalking or being stalked.

But Steve McCann convinced me that I really do need to know about this. So, I'm stalking him.

For those of you who are unfamiliar with Twitter, you send brief updates periodically via the web, IM or text message. Those updates are posted on your Twitter site and go to those who are following you. In return, you get updates on your site from everyone you're following. If you want to see what it looks like, you can check out my Twitter page. Note the somewhat scary and crazed-looking South Park avatar in the background. This should make any potential for real stalkers think twice.

I'm still not sure about how libraries can make use of this. Certainly you could use it to keep patrons informed about upcoming library events and/or new books. There are also ways for blog updates to show up on Twitter. In the meantime, I'm looking for some good library examples. So, if you know of any, send them my way. And I'm trying to avoid those that give me TOO MUCH INFORMATION. I set up a Twitter account for MT Bibliotechies that will use an RSS feed so Twitter's another way you can keep up with tech postings.

Pownce is another variation. What's different about Pownce is that you can not only share text but also media with your friends. That means you can send photos, videos, music files. I'm not sure what the size limit is for free accounts. But if I'm puzzled as to how to use Twitter in libraries, I'm even more puzzled with Pownce. But the event feature has some potential. I just posted a notice about an upcoming author event at Parmly on my Pownce page.

Don't be surprised if one or both of these apps shows up in a future Library 2.0 class. In the meantime, if you want to try them out and start building a network, feel free to follow me. It really is all about being where your users are.

Tuesday, April 15, 2008

Latest Symantec Internet Security Threat Report

This is my first post on the Montana BiblioTechies blog. Thanks to all you MBTs for inviting me. I hope to be a good MBTT (Montana BiblioTechie Trainee). My angle is security and my inclination is toward Microsoft products. I run a completely Microsoft shop at MPL, although that is slowly changing with some MAC OS and soon some Linux flavors.

Every six months Symantec publishes a document called the Internet Security Threat Report. The report on the last six months of 2007 has recently been released. The short version, which I have linked to above, is 36 pages of geek-speak.

One of the leading interesting points is that attacks are increasingly going web-based. What does this mean? Haven't we always had to be careful about clicking on urls we get in email?

Yes, you have, and now you need to be even more careful. The document states at one point that "... attackers are particularly targeting sites that are likely to be trusted by end users, such as social networking sites." Attacks against generally trusted sites are getting more clever and so more successful.

What does this mean for the Montana librarian, who doesn't have a CS degree and doesn't stay up to the wee hours learning how to protect themselves? I think it means that you simply pay attention to the basics, and always keep your ear open to getting a little more security savvy.

The basics are Windows updates, anti spyware and anti virus, and good passwords. This is a good start. Keep up with your Windows updates. The latest from Microsoft are released the second Tuesday of every month. You should have your PCs updated by the end of that week.

All the main antivirus vendors are good so which one you use is not as important as that you should be using one or another. I also use Spybot which is a free antispyware product. Run a manual scan every week or two and you might be suprised at what you collect on your PC.

I'll talk about passwords in a later post as I tend to drone on about passwords.

Thanks y'all.

Friday, April 4, 2008

online audio/video poetry

April is poetry month so I thought I'd put together some of the websites where you can find poets reading their works:
  • Borders Open Door Poetry - video poetry readings along with print versions of the poems.
  • UCTV (University of California Television) - UCTV has a series called Lunch Poems. You can watch or listen online or you can subscribe to the podcast and download new programs as soon as they become available.
  • PBS NewsHour Poetry - watch or listen online, download readings, subscribe to podcasts, read profiles along with additional information for teachers.
  • YouTube has poetry videos. You should probably exercise some caution if you're directing patrons there as a resource. For example, there are a number of Def Poetry videos where some might find the language offensive. But you'll also find fascinating gems like Billy Collins Animated Poetry:

  • Poets.org (Academy of American Poets) - information about poets and poems, resources for teachers and librarians for National Poetry month. Listen to poetry readings, sign up to receive a poem a day by email in April. They also have some interesting widgets for Mac users and a Poetcast (podcast) - you can subscribe to.
  • Writer's Almanac - you may be familiar with Garrison Keillor's program on NPR. It's also available as a podcast.
  • Poetry Foundation - a lot of information and poems you can listen to as well as several podcasts.
  • Classic Poetry Aloud - listen to classic poetry online or as podcasts.
  • Finally, it's worth keeping an eye on some of the events podcasts from major public libraries. I ran across a reading by one of my favorite contemporary Polish poets, Adam Zagajewski, as part of theLos Angeles Public Library ALOUD series.