Tuesday, November 22, 2011

E-Readers 2011

There's a whole new crop of E-Readers out in time for the holiday season. And there are a number of websites providing reviews that might help you make up your mind on which, if any, is right for you:

If you want to compare specs on various devices, here's an extensive list:
Comparing E-Readers and Tablets

I put together a much less comprehensive version that I wanted to fit on two sides of a page:
Comparison of Devices for Reading E-Books

Now that we've gotten the objective reviews out of the way, I'm presuming that some of you at least are willing to read on for my very subjective opinions.

E-Readers v Tablets

When you're trying to decide which type of device is best for you or the person for whom you want to get a gift, you first need to decide how this device is going to be used. Will it be used primarily for reading books? Will it be used for reading magazines? Is it important that you be able to watch videos on it? Listen to audiobooks or music? Are you expecting to do email and surf the web? Are games important?

Just about everyone agrees that e-ink readers are best for reading e-books. They're light and simple and relatively inexpensive. The pearl e-ink displays that are now common provide a very pleasant reading experience. I've heard some tech journalists say that the longest they can read on an LCD backlit display device is about 45 minutes without eye strain. But you can read comfortably for hours with an e-ink display.

I recently bought one of the new Kindle $79 e-readers with ads. The ads are relatively unobtrusive. They show up as screen savers when you're not reading and as a banner across the bottom of the home page. It's much smaller and lighter than my Kindle 2. They removed the keyboard from the bottom. I read a lot of nonfiction so I find highlighting and note taking to be important features. The new Kindle does highlighting about as easily as my older model using the directional keys. Not surprisingly note taking is a bit more cumbersome without the keyboard but that's really the only time I miss it. Overall, I think it's a perfectly satisfactory e-ink e-reader at an incredible price. One negative that I just discovered is that the ad screen gives you no indication when the battery is low. I tried to turn it on last night and nothing happened. I had no idea what was going on. Finally, I thought, maybe the battery is low and plugged it in. My older Kindle had a message that came up instead of the screen saver telling me to recharge. Another concern is that it feels a bit fragile and I've heard of people breaking theirs fairly quickly. I think an individual who can treat it fairly gently can probably get a reasonable amount of use out of it. But it may be too fragile for library checkouts. I've also heard complaints about an overall Kindle redesign that changes the on-off from a sliding switch to a push button and places both that and the audio jack at the bottom. This hasn't been an issue for me as I have a cover but if you're someone who rests your e-reader on your chest or stomach while you read, you can fairly easily turn it off by accident.

My current favorite e-ink e-reader is the Nook Simple Touch. Barnes & Noble recently lowered its price to $99. This e-reader is also small and light but has a really nice textured and sturdy feel to it. Another feature I like is that you have a choice of touch page turns in addition to forward and back buttons on the side. The only things I don't like are highlighting and inadvertent page turns. You highlight passages by touching the text. Maybe it's just my own clumsiness but I have a difficult time getting just the phrases I want. And while the Nook has a nice border around it, I often find that as I'm drifting off to sleep, my thumb moves toward the page and frequently starts turning pages. It's not uncommon for me to open my eyes and find myself at an unfamiliar part of the book. But neither of these are deal killers by any means.

Both the Nook Simple Touch and the basic Amazon Kindle are wifi only devices. You need to be on a wireless Internet connection if you want to shop at the Barnes & Noble or Amazon stores and buy and download books/periodicals directly to your device. Both work with Montana Library 2 Go's OverDrive ebook collection. The Kindle doesn't require Adobe Digital Editions. You just check out the Kindle edition of the book. When you get to the Amazon page, you can choose to download the book to your computer and transfer it manually to your Kindle or take advantage of their whispersync over wifi to transfer library e-books. Barnes & Noble has suggested they'll be adding a similar feature to Nook.

Touch seems to be the big new feature for e-ink e-readers this fall. Kobo has introduced a new Kobo Touch. They've followed Amazon's lead and are offering a $99.99 version with ads and a $129.99 version without ads. Sony has a new Sony Reader Wi-Fi at $149.99. Amazon has several new Kindle Touch editions - $99 wifi w/ads, $139 without, as well as the only new 3G e-readers - $149 w/ads, $189 without. 3G is nice if you think you're going to be doing a lot of e-book shopping while you're away from a wifi connection, e.g., in airports or hotels where the wifi is often not free and/or not usable. 3G can also offer a convenient way to check email or do web searches. But be advised that the Kindle experimental browser is not an optimal web experience. I haven't used any of these new touch editions so I don't really have any insights or opinions to offer on which might be better.

The only e-ink e-reader that I've really disliked recently is the Google iriver Story HD. The only good thing I can say about it is that they've apparently lowered the price to $99.99 at Target. It just came out this summer but the style is at least a generation outdated. It comes with horrible little buttons on a keyboard with an awkward navigation system. The dictionary requires you to physically type in a word to look it up. It made me login to Google repeatedly. It couldn't seem to retain my login information. It is a first generation device entering the market against Amazon which is offering 4th generation Kindles and Barnes & Noble with 2nd generation Nooks. It may get better with time, but I have to ask why bother.

And I have to put in a plug for the old Sony Pocket Reader. It's no longer being sold by Sony and the online prices are often outrageous - $150+? But I've also seen refurbished models available for around $50. While not a big Sony Reader fan initially, I've come around to thinking that the Sony Pocket Reader may well be the best device for library checkout use, particularly for school libraries. That is, if you want a workhorse e-reader. These are easily the sturdiest little e-readers out there. And they don't connect to wifi so you don't have to worry about young people getting on the Internet with their e-reader and getting into trouble. You load the books and all they can do is read them. If you're looking to make e-book content available, particularly public domain books, this strikes me as a good device to use to do it. It won't be so helpful if you're checking out e-readers to familiarize your library patrons with various devices since the Pocket Reader is not a current device.

E-Reader Tablets

This is probably the hottest category this Christmas season. These are in-between devices. They generally offer more features than an e-ink e-reader but fewer than a full-fledged full-priced tablet. They're also half the price of an Apple iPad or most Android tablets. So, I think it's important to have realistic expectations. E-Reader tablets are not going to be as good an e-reader as an e-ink e-reader. They're not going to support as wide a range of apps as a tablet will. Nor will they satisfy someone who's longing for an iPad.

That said, at $199 the Kindle Fire is probably a reasonable e-reader tablet option, particularly for Amazon customers. You can quickly and easily access all of your Amazon purchased content - books, magazines, newspapers, movies, tv shows, music.... In fact, it even comes with your Amazon login pre-loaded as well as listings of all your Amazon-purchased content. So, all you have to do is turn it on and login to a wifi network and you're ready to go. You also have access to Android apps available from the Amazon app store. Even more are available if you change a setting to allow installation of third party apps that aren't from Amazon. One thing you don't have, which has upset some people, is access to many of Google's apps - Gmail, Google books, etc. I did manage to install the Nook and Kobo apps fairly easily as well as OverDrive Media console. But I haven't been able to install a basic e-pub reader app. Many of Google's services are web-based so there are alternatives. But there's no question, that Amazon seeks to exert some control over how the Fire is used. The $199 price is subsidized by Amazon. So, I'm neither surprised nor disappointed that Amazon is apparently seeking to make up that loss through sales of their content.

Another potential concern is its lack of onboard storage. It has only 8 GB available and there's no SD slot to add more. The Kindle Fire is designed as a cloud device. Your Amazon purchased content is stored on their web servers rather than locally on the device. If you want to read a book, you download it from the cloud. If you want to listen to music, you can listen to the songs you've stored on Amazon's music cloud via their streaming music app. If you want to watch a movie, you can stream it from their servers. This is all great if you've got a pretty robust wifi connection available. If not, you can download some content and store it on your device. But with only 8 GB storage, you're not going to be able to download 20 movies to watch during your European vacation.

Barnes & Noble has lowered the price of its Nook Color to $199 and introduced a new Nook Tablet for $249. The reviews I've read give the edge to the Nook Tablet over the Kindle Fire. It has better specs, is more powerful and offers more storage. It's also $50 more. Barnes & Noble products also have the advantage of in-store trials and support. This has been very helpful to at least one friend who bought a Nook Touch upon my advice and has been able to go into Barnes & Noble in Billings to get support and have questions answered. I think that Nook also has the edge at this time when it comes to children's books. They have a number of books with Read to Me and occasional automation as part of their Nook Kids collection.

I think the decision will ultimately come down to which store you choose to provide your content. Amazon customers will probably choose the Kindle Fire. Barnes & Noble customers as well as those who already use a number of third party content suppliers like Netflix and Hulu will probably prefer one of the Nooks. Another consideration if you're looking at one of these as a gift is how comfortable you are with giving a child perhaps full access to your Amazon account. As a cloud device, it needs a consistent connection to a wifi network for you to be able to access your content. But this persistent connection and login also makes it really easy for the user to order new content at will. Barnes & Noble allows you to set a password to purchase additional content.

There are also similar tablet-like devices produced by Kobo - Kobo Vox at $199.99, Aluratek, Pandigital and others. They are competitively priced. Since these are all primarily content consumption devices, like the Kindle Fire and Nook Color and Tablet, I'd base my decision on the pricing and availability of content. For example, it looks like Pandigital has an agreement with Barnes & Noble to be a content supplier. Otherwise how easy is it to find the content you want from other suppliers and transfer it to your device. Will the gift recipient be comfortable with this process?


My goal here is to differentiate tablets from e-readers and e-reader tablets. The foremost representative of the tablet class right now is the Apple iPad. At prices starting at $499 for the 16 GB wifi model and going up to $829 for the 64 GB 3G model, we see a significant price increase. Android tablets are made by numerous manufacturers but are priced comparably. One of the ways to differentiate a full Android tablet from one of the lesser models is by operating system. Most full Android tablets run Android 3.1 (Honeycomb). Honeycomb was the first Android OS designed primarily for tablets. Cheaper, less full featured Android tablets run Android 2.3 which is essentially a cell phone OS. This is the operating system used by Kindle Fire, Nook Tablet and Kobo Vox. But in the case of Kindle and Nook (I'm not sure about Kobo Vox), these Android versions have been highly customized by Amazon and Barnes & Noble. We'll soon be seeing Android 4.0, which promises to bridge the gap between cell phones and tablets. It's doubtful that many of the Android 2.3 tablets will be able to be upgraded to the new OS.

Tablets are all about the software or apps they run. Whether or not a given model can be upgraded to the latest OS will impact how many of the new or updated apps will run on it in a year or so. Does this mean that a Kindle Fire or Nook Tablet will be obsolete in a year or so when it no longer supports the latest apps? Probably not, in the case of these special purpose tablets. At least not while Amazon and Barnes & Noble continue to support them. They'll make sure that you can continue to access their content at least. But, we've already seen HP bow out of the tablet competition, so I wouldn't be surprised to see a number of other tablet orphans out there in the next couple of years.

One of the benefits of tablets is that they can run a multitude of apps. If you're looking for a truly open e-reader platform, a tablet is more likely to give that to you. Everyone wants to make an e-reader app for iPad. Consequently, you can find apps for Amazon Kindle, Barnes & Noble Nook, Kobo, Google E-Books as well as a number of open epub apps that will allow you to download and read free public domain books. There are also cloud reader web pages available that perform very much like apps but also connect to the online e-bookstores. Newspapers and magazines are being designed for tablet consumption with beautiful layouts, easy navigation and continual updates. There are multimedia children's book apps that include interactivity, video, music, choice of narration. You have a wide choice of video and audio content, not to mention thousands of games. You can even do work with word processing, spreadsheets, presentations, video editing. In short, tablets are computers that can pretty much do it all given the right app. And if that app isn't currently available, it probably will be soon.

So, if you want a handheld touch device that will do it all for you, you probably want a tablet. If you already have a tablet, you don't need an e-reader tablet. But you might want an e-ink e-reader especially if you read a lot. If you already have an e-ink e-reader, you might want to consider an e-reader tablet as a step up. It will enable you to enjoy more audio and video content. And I have to say, photographs in magazines like National Geographic look stunning on Kindle Fire and Nook Color. Are you going to be able to find the perfect gadget that will satisfy all of your needs now and in the future? Definitely not, but that's the game.

And here's one last piece of advice. If you're buying as a gift, keep in mind the recipient's preferences instead of just your own. Whether or not you like Apple, they do produce some of the most consumer-friendly devices on the market. I think the same can be said for Amazon. These are probably going to be safer bets than some of the lesser known brands. At the same time, if your gift recipient is a book store aficionado, you might want to go with a Barnes & Noble Nook. They can get in-store perqs and assistance.

Tuesday, August 9, 2011

Which smart phone should I buy?

As I predicted, Montanans are swiftly moving to smart phones. But I have to admit being surprised by some of the people I see with new iPhone 4s nowadays. I look and think to myself, really?

I think there are a lot of good reasons to buy an iPhone and I'll go into some of those below. But I really question buying one now. We're getting really close to the launch of their new model, whatever it is. The current iPhone 4 technology is over a year old. If you buy one today with a two year contract, you'll be stuck with 3 year old cell phone technology by the time you can upgrade. If that's a prospect that doesn't bother you, if you wait until the new model comes out, you can at least get an iPhone 4 with a significant mark down.

What do I think are the best features of iPhone?
  • If you're already an Apple fanboy/girl, it's a no brainer. It will work seamlessly with Macs, a number of the apps will run on both iPhones and iPads. You can lead a simple happy life in Apple's gated garden of eden community.
  • iPhone gets almost all the cool apps well ahead of its competitors in the smart phone market. So, if you're someone who hears about the latest trend and has to jump right on it, you'll want an iPhone.
  • iPhones also have all the cool accessories, from skins to cases to speakers... Just about all the major accessory manufacturers and their cheap knockoffs design for Apple products.
  • Simplicity - you've got one button that takes you back to the home screen. It doesn't get much simpler than that. And Apple determines when updates to its iOS system take place. When they announce it, you can get it.
  • I think iPhone 4 currently has the best camera on a smart phone. It's not just about megapixels. Apple seems to have a better grasp of what you need to take a good photo.
What are the downsides of the iPhone?
  • You're very much locked into the Apple corporate world and its mindset. Don't even think about getting an app from anyplace but the Apple app store. And Apple frowns on jail breaking and unlocking their devices. They'll do everything they can to make your life difficult if you should try to break out.
  • At the moment you have to do all of your syncing and updates by attaching your iPhone to a computer with iTunes.
  • App developers have determined that iPhone users are willing to pay for their apps via the iTunes stores. Often apps that are free on Android are not free for iPhone. In other words, it's going to cost you to have all the latest cool apps.
  • Since iPhone hardware is only updated about once a year, it's often lagging behind the latest processors, memory, cellular capability of its multiple competitors. For example, Android phones are now coming out with dual processors, increased memory, 4G compatibility. The year old iPhone 4 has none of it. And reports are that the new model won't have some of these features either. Apple tends to be a bit conservative.
  • Phone call quality - there was a joke for some time that iPhones were great as long as you didn't want to use one to make a phone call. And there was always finger pointing between AT&T and Apple as to whose fault it was that iPhones dropped so many calls. I haven't heard if this has gotten better or not with Verizon coming in as another carrier. But with the exterior antenna issues of the iPhone 4, I'd still assume that making phone calls is not Apple's biggest concern when it comes to iPhone design.
  • Fragility - iPhone is all about design not about practicality. The iPhone 4 is probably the most fragile smartphone out there with a glass front and back. It's not for those who tend to drop their phones a lot.
What are the best features of Android phones?
  • Diversity - there are several big manufacturers designing the hardware - HTC, Motorola, LG, Samsung... You can buy Android phones with slide out keyboards or without, with varying size screens, and differing hardware specs. You can even find some that will take and display 3D video or that offer a specialized gaming environment. Android phones are available to work on just about every cell phone carrier around.
  • If you're someone who uses and depends on a number of Google products, it's a no brainer. Android works well with just about all the Google products - search, Gmail, calendar, maps, Google+. Voice commands work great for search and dictation. And as Google rolls out new products, it will generally roll them out for Android first.
  • Buying apps from multiple sources. Amazon recently rolled out its own app store for Android. So you can choose to buy from the Android app store or from Amazon. You can also get apps from other sources as well with just a small settings change.
  • Since there are fewer restrictions on app developers, you'll find some really nice features created for Android that probably wouldn't meet Apple's criteria. For example, one of my favorite keyboard apps for Android is Swype. You don't have to try to type each letter on the tiny keyboard, you just swipe your finger between the letters of the word and the app figures out what you're trying to say. It's really very good and eases much of the frustration of trying to type on a small touch keyboard.
  • Back button - I know Apple is all about simplicity, but please. It's so nice to have the option to just go back a page rather than having to go back to the home screen and start over. A few little buttons are not going to confuse most people. I find them very helpful.
What are the downsides of Android?
  • Diversity - there are so many choices it's downright confusing. Do I want Samsung or HTC? Which model? And you'll know that the really great top of the line model you just bought will be superseded by another better faster phone in a month or so.
  • Lack of consistency in updates. The current Android OS is 2.3 (Gingerbread). There are some Android phones being sold that are still running Android 1.5 and are not capable of being updated. I have two Android phones - a Motorola Droid X and an HTC Incredible. Both are on Verizon. My Droid X got a 2.3 update over the air about a month ago. There's still no sign of an update for my Incredible. This fragmentation becomes an issue as new apps require the new OS and/or important security updates aren't available to all phones.
  • No quality control on apps. While developers complain about Apple's rigorous approval process and control of the app store, it does bring with it at least a modicum of quality control. And Apple is not going to allow anything it considers porn into the app store. With Android, there are no controls. So, you need to be a bit more cautious about what you're loading onto your device. There have been trojans and malware found among Android apps.
  • Battery life - there are times when it's hard to get through an entire day on a charge. There are ways to improve this, e.g., by shutting down apps that run in the background and using airplane mode when you're in places with spotty cellular. But it requires a bit of tech savvy and willingness to get in and dig around to figure a lot of this out.
  • Android is really not a great operating system for the faint of heart or people who just want things to work.
Other phone options
  • Windows Phone 7 - this is the one that's most intrigued me since it came out last fall. I like the idea that they're taking a different approach to the user interface and seem to be focusing on function. However, I do have a couple of concerns which have kept me from getting one of their phones. My primary home computer is a Mac so I need a phone that will work in a Mac as well as Windows environment. I'm also concerned about Microsoft's slow update process. It's taken them about a year to come up with their first major OS update, Mango, which is due out this fall. But we'll see what comes out of their partnership with Nokia. There could be some really innovative hardware and software coming out in the near future.
  • Blackberry (RIM) - Blackberry is just not keeping up with the competition. When I've been traveling recently, I still see a lot of Blackberry phones in use. The problem is that when it comes time for an upgrade, few people are sticking with Blackberry's less than desirable hardware and software options, they're jumping ship for iPhones or Androids. I can see no reason whatsoever to choose Blackberry as a smartphone option at present. They really need to come up with something new and competitive to stay in the game.
  • HP/Palm/WebOS - The Palm Pre was a phone that everyone liked when it first came out but was widely regarded as too little too late to really compete in the iPhone - Android wars. When HP bought them, it was hoped that they'd pump some life into it but it looks like they're focusing on tablet/computer uses of WebOS. All reports say that it's a good platform but with few apps and little prospect for increased app development since it represents such a small piece of the smartphone market.
Personally, I think I'm sticking with Android but I am looking for a new phone to replace my HTC Incredible. It only has 8 GB of internal memory which can't be upgraded so I'm forever getting messages about low memory. I'd also like a better camera, particularly for flash/night photos. But I love Android for traveling. Google maps and navigation have saved my rear a number of times on recent trips and they're free! I also love the voice search and dictation capabilities. Plus, it works great with Gmail and Google calendar, etc. As someone who goes between the Mac and Windows world, Google provides a good way to steer between both platforms.

I think if I were shopping for a new smartphone for a teenager, I'd go with an iPhone. I think they'd appreciate the style, variety of apps (that are all prescreened by Apple), accessories, etc. I'd probably put a limit on their purchases through the app store/iTunes. The glass is a bit of concern but a good case should help protect it.

For everyone else, certainly take a look at Android and Windows Phone 7 smartphones. There are other and often better options available than iPhone for most people. CNET has a lot of great reviews of all the latest devices. And I'm happy to help interpret specs. Price should not be your only concern. Any smart phone you buy is going to end up costing you several hundred dollars over the course of a two year contract. It's not the up front price that should concern you as much as whether the device is going to be at all functional at the end of those two years.

Monday, August 1, 2011

July 2011 - The State of E-book Readers

Whenever I mention something about e-readers, I get some requests for advice on which product to buy so I thought I'd provide some updates on where some of the e-reader players are at this moment in time.

My preferred e-book reader at the moment is the Barnes and Noble Nook Touch or as their trademarked name reads: The All-New Nook The Simple Touch Reader. The name is bigger than the device. It's available for $139.99 from Barnes and Noble's website and stores as well as Best Buy and potentially other retail outlets. Walmart sells Nooks but didn't have the Touch available at least in its Billings West end store.

It's small and light and easy to use. The touch interface is intuitive and for everyday reading, the device disappears and you're left with just the content you're reading. My only negative is that I think the Nook navigation tends to be a bit clunky. It's sometimes difficult for me to figure out just where the book or magazine I want to read is located in the file structure. But I always manage to find it without too much frustration.

Very similar in design is the Kobo eReader Touch. This retails for $130 but if you live in a location like Billings with a closing Borders store, I'm watching the discounts on this device. When it reaches 30%, I think this will be a very nice device for that $100 price point. I haven't actually used this aside from playing around with it in the Borders store, but it's very light and seems responsive enough. A review on PCmag.com talked about the Kobo Touch lacking the finesse of the Nook. I think that's probably a fairly apt description. If we're talking about only a $10 price difference, I'd stick with the Nook but at going out of business discounts...

Most of the tech reviews are giving the nod to the new Nook Touch over the Amazon Kindle. But we're comparing different generations of devices. Amazon did start offering lower priced versions of its 3rd gen Kindles with special offers (limited ads) for $114 for wifi and $139 for the 3G version.

Amazon will no doubt be coming out with its next generation of Kindles sometime this fall. Rumors are flying that Amazon will be presenting a Kindle tablet that will enable you to view videos that you've purchased from Amazon, read books you've purchased from Amazon, and listen to music you've purchased from Amazon. And I expect you'll be able to use apps you've purchased from the Amazon app store. So, we're no doubt looking at an Android Kindle tablet designed to compete with the iPad.

They're also reportedly coming up with a software update that will enable you to read library books on existing Kindles. I wouldn't be surprised if they also offered a next gen e-ink reader to compete with the Nook and Kobo Touch readers.

Thursday, June 2, 2011

Why Twitter?

As some of you may have noticed, the bloom is definitely off the rose for me as far as Twitter is concerned. But a lot of people are still using it, more and more all the time, so I thought I'd put out a query as to what others think of it. I'm more than willing to admit that I might be missing something.

As a librarian, I'm interested primarily in library-related information uses. But if you find it useful for another profession, or personally, I'd like to hear your reports on that as well.

I'll post links to this blog post on Wired-MT, my Facebook wall, and Twitter, of course. Feel free to retweet and share.

You can reply via comment to this post, email, Twitter hash tag #whytwitlib, Facebook comment.

I'll compile responses and post to Montana Bibliotechies. Let me know if you prefer anonymity.

Monday, May 2, 2011

Mikrotik Routers

Let me just say right up front that I think Mikrotik (mikrotik.com) routers are great. I have no Mikrotik stock and I don't get a cut every time I install one at a site, but, to my mind, they really are the best thing since sliced bread.

I use Mikrotik routers for access points (APs), for firewalls, and for routers. I no longer use Cisco, Sonicwall, or whatever AP is hot at the moment. It is all done with the Mikrotik platform.

Mikrotik is a company whose corporate office is in Latvia. They have little market share in North America, but are very popular over much of the rest of the world. They have an extensive product line but I am only going to describe a single model that is useful in a small library, the Mikrotik 433AH with radio card and antenna.

Before I do though, I'll point out the down side. They are hard to learn and configure. You must be very familiar with TCP/IP to configure one. With that out of the way, I'll get to the upside.

This router is cheap. If you were to get a comparable Cisco device, you would spend multiple thousands of dollars. This is less than $300, sometimes closer to $200. It costs less to get a backup Mikrotik device to keep as a spare than the 1 year service contract you would spend with Cisco. Not that Cisco is the only alternative, but the features for the cost are unusual.

It is feature rich. This one device has three routable ports and can have 2 radios in it. Thus, in a small library, one port connects to the ISP, one to the public network, one to the staff network, and a radio card for the hotspot. This provides for segregation of the libraries' PCs.

I often use these as library hotspot APs. I require users to logon, but the logon is simply "patron" with no password. This is easy to inform the public about, and this technique can give me stats on the number of logons to the hotspot, a number our board likes to see. The hotspot can also be scheduled to turn off and on. I get better coverage than I did with Linksys, Netgear, Sonicwall, or Dlink APs, using the low end antenna.

I presently have about a dozen installed in various libraries and, for the past year, not a one has had to be rebooted to correct a problem. But I have been using these for about 2 years. I wasn't using the firewall correctly for the first year and it seemed like I had to reboot them about once a month. Since I figured out the firewall issue, they just sit and hum.

The features that first attracted me to the 433AH are the 3 routable RJ45 ports and the separate radio port. It is very easy to segregate traffic with this device. One problem small libraries have is that public users will soak up all the library's bandwidth downloading movies and such. The Mikrotik can limit the bandwidth through a port, so you can allow the hotspot users only 2 Mbps as a group, or you can limit bandwidth by IP address, allowing each public PC no more than 512 Kbps.

I could go on, but maybe I should stop here. If you want to learn more and think you have sufficient tech support to manage one of these, drop me an email at jims@missoula.lib.mt.us. I can help get you started. It will be fun. At least for me.


The 9 Suggestions

At MLA 2011, I presented on what a small library should be doing to keep its PCs running. I gave 9 suggestions for what a library should do. Here they are.

  1. Microsoft Updates: Do Microsoft updates, not just Windows updates. The second Tuesday of the month is when Microsoft releases many updates, but they also occasionally come at other times of the month too.
  2. Also keep your other applications current. Pay particular attention to Firefox, and Adobe Reader and Flash. But try to keep all your applications up to date. I agree with you though that it is a royal pain in the neck. Larry, our new IT guy at the Missoula Public Library, has some good ideas on that front. I hope to be posting about how to make this easier in a couple months.
  3. Use Firewalls. XP, ME, Vista, Windows 7 all have firewalls built in. Use them. Also use a firewall at your perimeter device. That's the device in the phone closet that connects to your ISP.
  4. Block SPAM. If a malicious email never shows up in your mailbox, it can't infect you. Most email clients have some kind of SPAM blocking feature. Also many ISPs provide a SPAM blocking service that will usually cost a little bit but will keep your mailbox cleaner.
  5. Protect your Browser: All the major browsers have a variety of tools built into the application to protect you from a variety of malicious activities. For example, IE has the pop-up and ActiveX blockers, protected mode, and a variety of other things. Another useful tool is something called the WOT. It's a 3rd party app. Find it by googling "web-of-trust".
  6. PC Restrictions: This is something you would consider mostly for your public PCs. The primary product for this is Group Policies. If you had a week-long class on this product you would just be scratching the surface. But there are much more user-friendly products such as SteadyState from Microsoft (it's free but it doesn't work on Windows 7) or Winselect from Faronics.
  7. Antivirus and antispyware: As time goes by, this genre of tools becomes less and less useful because the malware is getting too clever. But they are still useful. Use them. Keep them updated.
  8. Separate Public, Staff, and Hotspot PCs: Your staff will at least try to not get infected. The public doesn't care and so you can assume a public PC is infected not long after a patron touches it. On the hotspot, patrons can use their own tools to hack into your environment. Stop all this by disallowing any communication between your staff, public, and hotspot users. See a previous post on ARP poisoning to learn how to do this easily.
  9. Passwords: Never leave a device with its default password, or no password, or "password", or any of dozens of silly selections. You have good locks on your doors? You should also have good locks on your software. This applies to both your vocation and your personal life. Don't always use the same password. Can someone watch you logon to your PC every morning and then know how to get into your online banking?

So there is a lot of stuff here. You are not going to go home and do all this right away, if at all. So people ask me for the short list. What three things from this list should they do?

If I had to say only three, I would say 1&2 first. Do the Microsoft and application updates regularly. Then 8, because you can always safely assume that your public PCs are infected, and you don't want that to spread to your staff PCs. Finally 9, passwords are locks, use good ones and use them correctly. There is a lot of good info about how to use passwords well.

But I would also put antivirus and antispyware in the top 3 as well. I know there are 4 items in the top 3 but they all need to be there. AV and AS are less important on public PCs if they are using Deep Freeze, but definitely important on PCs not running Deep Freeze.

Be careful out there.

Wednesday, April 27, 2011

The Standard Model for Small Library IT Management

I help maintain the IT infrastructure at the Missoula Public Library, but I have also been able to work with a number of small libraries across western Montana for more than 15 years now. These small libraries often have 10 to 25 PCs they have to keep running.

The Standard Model is simply my best guess at any given time for how these small library IT environments should be deployed and managed. With this post I am going to describe the Standard Model, hoping this will give small library directors, and their IT help, direction for how to deploy an environment that works.

This is not to say it's the only way to do it. There are many ways. I will simply be describing the model that is working for me. Note that this model is always in flux, particularly so now because of the BTOP deployments and because several of my clients have purchased new servers this past year. But equipment, software, and user needs are always changing, so the infrastructure needs to continually adapt.

These comments are written for someone pretty skilled with PCs and small networks. I encourage any librarian who reads this to pass it on to their tech support and to share this with any interested person. Folks with questions should please post them here as comments so that we can all share in the responses. I would also appreciate it if anyone with alternative techniques would post those as well.

I'll break the environment up into areas of management, because each of these areas is managed differently. The three areas are the staff PCs, the public PCs, and the hotspot. All these comments assume a Microsoft Domain environment. I am currently using Server 2008 or Server 2008R2.

The staff PCs are managed just like any other business user PC. They have to print, run apps, stay uninfected, store documents, etc. There is nothing particularly unusual in supporting staff PCs so I won't take space for that.

The hotspot is not particularly unusual either except that access is available to all. The important features about the hotspot are that, first, no traffic from it should be allowed to any wired PC, and second, bandwidth must be limited so that there is always sufficient bandwidth available for the staff PCs.

Hotspot Tips:
  • Librarians want stats. It is how they justify expenditures. A good stat to get from the hotspot is the number of logons to that hotspot. Do this by logging logons at the Access Point and archiving that data on a syslog server. Make this data available to the librarian so she/he can tally up stats daily, weekly, or monthly. I use Mikrotik hardware for APs, firewalls, and routers and will describe how I collect stats from it in a separate post describing the features of the Mikrotik platform.
  • Some of my sites do not leave the hotspot on around the clock. The Mikrotik platform has a scheduler that can turn the hotspot on and off as desired.
  • Security dictates that hotspot users cannot have access to any of the staff or public PCs, so filter packets from hotspot users so that they have access only to the gateway and not to any resources in the building. One possible exception to this is to allow access to a printer on the wired network. I'm not doing this anywhere because the problems with excessive after-hours printing and with troubleshooting users' printing problems make it appear not worth the effort.
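One way to tally hotspot logons from the archived syslog file, as an added example rather than the author's own procedure. The log line shape, the host name "ap1", the client addresses and the function name are assumptions; adjust the pattern to what your access point actually sends.

```python
import re
from collections import Counter
from datetime import date

MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}

# Assumed line shape: classic syslog header (month, day, time, host) followed
# by a message that ends "<user> (<client ip>): logged in".
LOGIN = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2})\s+\d{2}:\d{2}:\d{2}\s+\S+\s+.*?"
    r"(?P<user>\S+) \((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\): logged in\s*$")

# Constructed sample archive, not real library data.
SAMPLE_LOG = """\
May  2 09:14:07 ap1 hotspot,info,debug patron (10.5.50.23): logged in
May  2 09:55:41 ap1 hotspot,info,debug patron (10.5.50.23): logged out: keepalive timeout
May  2 10:02:13 ap1 hotspot,info,debug patron (10.5.50.31): logged in
May  2 10:05:00 ap1 hotspot,info,debug staff-test (10.5.50.2): logged in
May  3 16:40:02 ap1 hotspot,info,debug patron (10.5.50.23): logged in
May  9 11:00:00 ap1 hotspot,info,debug patron (10.5.50.44): logged in
Jun  1 12:30:10 ap1 hotspot,info,debug patron (10.5.50.23): logged in
"""


def tally_logons(lines, year, user="patron"):
    """Count logons for one shared account per day, ISO week and month.

    Classic syslog timestamps carry no year, so the caller supplies the
    year the archive file covers.
    """
    daily, weekly, monthly = Counter(), Counter(), Counter()
    for line in lines:
        m = LOGIN.match(line.rstrip("\n"))
        if not m or m.group("user") != user or m.group("mon") not in MONTHS:
            continue  # logouts, other accounts and unrelated messages
        d = date(year, MONTHS[m.group("mon")], int(m.group("day")))
        iso = d.isocalendar()
        daily[d.isoformat()] += 1
        weekly[f"{iso[0]}-W{iso[1]:02d}"] += 1
        monthly[f"{d.year}-{d.month:02d}"] += 1
    return {"daily": dict(daily), "weekly": dict(weekly),
            "monthly": dict(monthly)}


if __name__ == "__main__":
    stats = tally_logons(SAMPLE_LOG.splitlines(), year=2011)
    for period, counts in stats.items():
        print(period)
        for key in sorted(counts):
            print(f"  {key}: {counts[key]}")
```

Because every patron shares the one "patron" logon, these figures count logon events, not distinct people.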
The public PC is a beast that even skilled system and network technicians often have trouble with. The trouble is that they do not understand what the library really wants regarding the configuration of the PC or the management of the public side. Furthermore, librarians often have difficulty articulating what they want in sufficient detail. Thus, there is a gap filled in with tech speculation and librarian dissatisfaction.

Public side management guidelines:
  • The fundamental problem libraries have is that they invite people with absolutely no inhibitions to come in and use their computers. A patron told one of my directors that they always come to the library to visit a certain web site, because they always get infected when they go there.
  • Assume every public PC is infected as soon as a patron touches it.
  • Focus primary efforts on area segregation and PC recovery, rather than restrictive or blocking techniques. Make sure that public PCs cannot communicate with staff PCs to as low a level as possible. I do the blocking at layer 2.
  • Library staff typically are not sufficiently skilled to be able to troubleshoot public PC problems, so the tech's job is to configure the PC so as to create as few questions as possible during its use. Even when they are sufficiently skilled, librarians often have many other things they should be working on.
  • Automate the environment as much as possible. For example, automate the turning on and then off of the public PCs. This is easily accomplished with most PCs. There are many other tasks that can be automated. Actively look for ways to minimize staff interaction with public PCs. Also minimize staff/patron interaction over computer management issues.
Deep Freeze is a product from faronics.com that I have long held is the best PC management money a library can spend. There are a number of products similar to Deep Freeze but I have only used this product so will only comment on its use. The use of Deep Freeze dictates much about how the public side is managed, so its use will be described in some detail.

Deep Freeze is an application that will allow you to roll back any and all changes to the file system on a PC when it is rebooted. It is switched between frozen and thawed with a reboot. If it comes up thawed, you can make changes and have them stick. If it comes up frozen, all changes are removed at the next boot. So as long as a PC stays frozen, it remains unchanged.

Public PC and environment configuration:
  • The tech's primary goal regarding the public side is to limit damage, and facilitate recovery. In a previous post about ARP poisoning, I describe a relatively easy technique for disabling communication between groups of PCs sharing a subnet. That is one way to do it, but however it is done, it must be done.
  • Easy recovery is accomplished with Deep Freeze.
  • Damage is limited through the use of antivirus and antispyware, local and perimeter firewalls, and restrictions on the PC's functionality while in the patron's hands.
  • I use F-prot antivirus because it is lean, good enough, and $3.75/PC/year. I also use Spybot anti-spyware, predominately for the host file it provides. There are other ways to get useful host files to block access to unwanted sites (for example mvps.org), but I find Spybot useful.
  • Run the Microsoft firewall at each PC and have a firewall at the perimeter device.
  • Restrictions are provided via Group Policy at most of my sites, but at some sites without servers I use a product called WinSelect, also from Faronics.
  • I allow three kinds of access to a PC to support centralized and remote management: File and print sharing to allow access to the file system, Remote Registry service to allow manipulation of the registry, and Remote Desktop sharing to support Terminal Services.
  • Limit patron logons to only those PCs that patrons use. This can be done easily in Active Directory Users and Computers in User Properties.
As I have mentioned, Deep Freeze determines much about the way the public side is managed, so I will describe in some detail how I use it.
  • Deep Freeze has an Enterprise version that allows central management of Deep Freeze clients. All PCs can be changed to frozen or thawed with a few clicks.
  • Deep Freeze has what it calls a thawspace. This is a separate drive where patrons can store documents that will survive a reboot. I use this only for short term storage. I run an automated process that will delete thawspace on all patron PCs on a daily basis.
  • I use Imagex, the Microsoft product, to create a disk image that will be copied to many PCs. Do not install Deep Freeze as part of this image.
  • Once a month, I go in during library closed hours to thaw all the PCs and run Microsoft updates, as well as updates for a number of applications. Much of this process has been automated, but I still spend too much time on updates.
  • Never let any patron touch a PC that is not frozen.
  • If you need to thaw a public PC during open hours, make sure that its firewall is set to block all incoming connections.
  • Do not do any general surfing on any thawed public PC. Access your update sites only.
Finally, the server is a component available to both the public and staff side. A server does three things. It is my platform for remote support. It is where documents are stored. And it is the platform providing a variety of services to the LAN.
  • I configure the perimeter device to forward port 3389 packets to the server, and I access it via Terminal Services.
  • All critical documents are kept at the server in shared folders which are regularly backed up to external drives and removed offsite. Appropriate permissions are also applied to shared folders. I actively deny access by patron side logons to staff shared folders.
  • The server is then used to access all the PCs on site via Terminal Services. It runs the Deep Freeze console. It collects updated antivirus signature files to be disseminated on the LAN. It runs the Active Directory tools such as Users & Computers, and Group Policies. It runs various automated processes with the Task Scheduler. And more.
Excuse the length of this document, but there is a lot of material, even when covered superficially. I have posted documents recently on ARP poisoning and on configuring a public PC. I will soon post a document on the Mikrotik platform and another on the 10 suggestions I have for small library security. These should cover all the issues I discussed at the presentation at MLA.

Good luck configuring and maintaining your IT environment. Share these comments as you wish. Post your questions as comments here at the Montana Bibliotechies, or send me an email at jims@missoula.lib.mt.us.

Tuesday, April 26, 2011

Content filtering for public libraries

The issue of content filtering of the Internet has come up yet again. Some libraries are seeking more E-rate funding in the Internet Access categories and are thus looking at CIPA (Children's Internet Protection Act) compliance and "technology protection measures." Others are looking for solutions to problem patrons abusing the library's internet.

Internet filtering is a difficult and contentious issue among librarians. Some feel that filters must NEVER be used for ANYONE in the library. These librarians see defending First Amendment access to information as the overriding responsibility of librarians. Filters can interfere with constitutionally protected speech so they cannot even be considered. Other librarians are interested in protecting library patrons from illegal and objectionable materials that may be encountered on the Internet. Schools often block anything that might possibly be considered problematic or objectionable. Unfortunately, this can prevent students from accessing information they need to complete assignments. It can also prevent public library patrons from accessing legal and unobjectionable sites like web email or social networks from school/community libraries.

Many librarians find themselves between the two extremes and are looking for solutions that will help block illegal and objectionable sites while allowing access to the vast majority of Internet content. I think that filters when chosen with care and used judiciously can help and will allow the libraries to comply with CIPA.

Unfortunately for busy librarians, selecting the right filter is going to take some study and trials. TechSoup has some good basic information:
I think you need to start with your library's Internet policy. My colleague Tracy Cook led a workshop at the 2011 MLA/MPLA Annual Conference on Library Internet Policies. It might be helpful to take a look at her notes from the session to help stimulate a discussion with your library's board. You should spell out in your policy just what is considered inappropriate and for whom. CIPA requires you to block web sites that are obscene or contain child pornography for everyone including adults. There are additional requirements for minors.

Internet Safety Policy
The Internet safety policy must address the following issues:

  • Access by minors to inappropriate matter on the Internet and World Wide Web
  • The safety and security of minors when using electronic mail, chat rooms, and other forms of direct electronic communications
  • Unauthorized access including "hacking" and other unlawful activities by minors online
  • Unauthorized disclosure, use, and dissemination of personal information regarding minors
  • Measures designed to restrict minors' access to materials harmful to minors
Once you've defined as a board what you deem "harmful to minors," Internet filters can be used to help restrict access to those materials for minors. But I think you need to be very careful and thoughtful about just what you want to restrict adults from accessing. I would recommend getting a filtering product that allows several different levels of filtering to account for different age groups. That way you can apply filters in an age appropriate manner.

As objectionable as it may be to many community members and library staff, pornography is not necessarily obscene and therefore may be constitutionally protected speech. Web sites depicting racism, sexism or violence are probably also protected by the First Amendment. Blocking these sites with a filter can subject the library to a First Amendment lawsuit. Hence, I repeat my caution to be very judicious about which categories you choose to block for adults and make sure that library staff can disable the filter at the request of an adult library patron. It's a very good idea to get a filter that lets people know that it's blocking a site and gives them the option to have the site unblocked by library staff.

Once you've come up with a draft internet policy, you can start looking at filters to meet your needs. I would certainly want to test filters before I committed my library to buying, installing and using them. This is another good place to bring in your board and/or staff to help. Install each filter you're considering on a computer and then test it for a while. Make sure it blocks sites you want blocked and doesn't block those that should be accessible. You'll probably also want to test how easy it is to turn on and off. If you don't like it, try another. This is something that library staff and patrons are going to have to live with so you want the filter to be something that works for you.

If you're filtering for CIPA compliance, make sure that discussion and approval of your Internet Use Policy is listed on the agenda for your library board meeting. This meeting must be accessible to the public. Also, keep records related to your filter purchase and testing with your E-rate files. If your library is audited for E-rate, auditors may ask to see proof that you're in compliance with CIPA.

It would be great to hear from libraries as to which filters they're using and how satisfied they are with their choices. This is another one of those areas where we can learn a lot from each other's experiences.

Wednesday, April 13, 2011

Deep Freeze on Public PCs

You spend a lot of time and money setting up a PC for the public to use. But soon everything is running slow on it, or you keep getting infected warnings from your anti-virus, or you keep getting unwanted pop-ups. What do you do?

Unfortunately, the first thing you have to do is completely wipe the hard drive on the PC and start over again. But this time, before you give the PC to the public, you install Deep Freeze on it.

Deep Freeze is a product that completely rolls back any changes made to a PC every time it reboots. This is good for when a patron makes unwanted changes to the PC, like changing the background, or for when a PC gets infected. It is not so good for when you need to update the PC, because that will be removed too.

Deep Freeze runs in two modes: frozen and thawed. When it's frozen, any changes made are removed at the next reboot. When it's thawed, you can do your updates and they will stick.

I have been using Deep Freeze for more than a decade and am very impressed with it. I think you should use it too, or a product like it, to keep your public PCs running well.

Windows Steady State has a similar component but Microsoft does not make a version of Steady State for Windows 7. There are other paid products as well such as DriveShield and Centurion Guard, but I haven't used those so cannot comment on them.

  • I purchase the Enterprise version, which means I have a central console from which I can switch all my PCs from frozen to thawed with just a few clicks. This console also allows you to update the Deep Freeze configuration, to start up and shut down the PCs, send screen messages to the PC, and more.
  • Deep Freeze is also sold in a Standard edition, which installs on a lone PC and is managed only at that PC.
  • When I get a PC configured for the public, the last thing I will do is install Deep Freeze on it. Then I let the public use it only in the frozen mode. When I have to do updates, I wait until the library is closed, boot the PCs in thawed mode, and do all the updates on each PC. Then I freeze the PC again before I let the public use it.
  • Deep Freeze is not a restriction tool. It is a recovery tool. It doesn't stop patrons from doing bad things to your computer, it just allows you to recover easily when they do. You have to use something like Group Policy, or a Local Policy, or Winselect to impose restrictions.
  • Deep Freeze has what is called a "Maintenance Mode" which is simply a configuration feature that will make the PC boot thawed if it is ever on at a certain time. For example, if you always do your updates after you close Tuesdays at 6 PM, you can set the PCs to automatically turn on and thaw themselves every Tuesday at 6 PM and then freeze again at 9 PM.
  • Deep Freeze is not perfect. It does not protect against Master Boot Record infections, but these are rare anymore. I have had a few problems with it, mostly due to a PC getting turned off when it shouldn't during a Windows update, but the company has a good fix for this and their tech support has been very helpful when I have called.
If you are having trouble keeping your PCs working, have a look at Deep Freeze to start making that effort less work.

ARP Poisoning

This will be one of a few posts here relating to the presentation I made at the Montana Library Association conference in Billings recently. I told the attendees I would present further details about how to do some of the procedures I discussed, so here is the first one.

One of the most important things a small library should do is to create an environment where the public PCs, the staff PCs, and the hotspot cannot see each other. This is because staff PCs are usually used by people who try not to get infected. Public PCs, alas, are not. It is wise to assume that your public PCs are infected by the end of the day. Hopefully, you are using a product like Deep Freeze so that the public PCs will be uninfected again when they reboot.

There are a variety of ways to accomplish this separation between staff and public PCs and many of them are expensive. This is the poor person's technique for disabling communication between staff PCs and public PCs. It is called ARP Poisoning and it is a technique of lying to your PC.

In order for this to work, you must manually assign IP addresses to your PCs. They need to have an IP address that remains constant and DHCP will not do that.

Let's say you have two staff PCs with the following IP addresses:

And you have two public PCs with the following IP addresses:

Create a batch file with the following name: "staffARP.bat"

It should have the following two lines in it.
ARP -s <IP address of public PC 1> 00-00-00-00-00-00
ARP -s <IP address of public PC 2> 00-00-00-00-00-00

Then create another batch file called "publicARP.bat". It should have the following two lines.
ARP -s <IP address of staff PC 1> 00-00-00-00-00-00
ARP -s <IP address of staff PC 2> 00-00-00-00-00-00

Now each of the batch files gets put into the respective startup folder of each PC. That is to say the staffARP.bat file gets put into the startup folder on a staff PC and the publicARP.bat file gets put into the startup folder on the public PC.

Then you would reboot a staff and public PC and ping one from the other. The ping should fail indicating that the two cannot communicate.

In your environment, add a line in the batch file for each PC to which you want to block access. Note that the string after the IP address is a bunch of zeros and dashes, not ohs and dashes. Note that the IP addresses above are just samples. Naturally, you would use your own IP addresses.
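An added example, not from the original post: a Python helper that writes the two batch files from the staff and public address lists, then checks a PC's "arp -a" output to confirm each blocked peer really is pinned to the all-zero address, since a startup batch file can fail without anyone noticing. The addresses, function names and sample "arp -a" text are constructed, the parser assumes the English-language Windows output layout, and it assumes staffARP.bat lists the public PCs and publicARP.bat lists the staff PCs.

```python
import ipaddress
import re

NULL_MAC = "00-00-00-00-00-00"  # the all-zero address the post pins peers to

# Constructed sample groups (documentation-range addresses, not the post's).
STAFF_PCS = ["192.0.2.11", "192.0.2.12"]
PUBLIC_PCS = ["192.0.2.21", "192.0.2.22"]

# Constructed "arp -a" output as seen on a staff PC after startup:
# one public peer is pinned, the other still resolves normally.
SAMPLE_ARP_A = """
Interface: 192.0.2.11 --- 0xb
  Internet Address      Physical Address      Type
  192.0.2.1             00-1a-2b-3c-4d-5e     dynamic
  192.0.2.21            00-00-00-00-00-00     static
  192.0.2.22            00-1a-2b-3c-4d-60     dynamic
  192.0.2.255           ff-ff-ff-ff-ff-ff     static
"""

ARP_ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"([0-9A-Fa-f]{2}(?:-[0-9A-Fa-f]{2}){5})\s+(\w+)\s*$")


def _normalize(addresses):
    """Validate and de-duplicate addresses, keeping their order."""
    seen, out = set(), []
    for raw in addresses:
        ip = str(ipaddress.IPv4Address(raw.strip()))  # ValueError on a typo
        if ip not in seen:
            seen.add(ip)
            out.append(ip)
    return out


def build_batch(peers_to_block):
    """Text of a batch file with one 'ARP -s <ip> <zero MAC>' line per peer."""
    lines = [f"ARP -s {ip} {NULL_MAC}" for ip in _normalize(peers_to_block)]
    return "\r\n".join(lines) + "\r\n"


def build_all(staff, public):
    """staffARP.bat blocks the public PCs; publicARP.bat blocks the staff PCs."""
    overlap = set(_normalize(staff)) & set(_normalize(public))
    if overlap:
        raise ValueError(f"address listed in both groups: {sorted(overlap)}")
    return {"staffARP.bat": build_batch(public),
            "publicARP.bat": build_batch(staff)}


def audit(arp_a_output, peers_to_block):
    """Return {ip: problem} for every peer that is not pinned to the zero MAC."""
    table = {}
    for line in arp_a_output.splitlines():
        m = ARP_ROW.match(line)
        if m:
            table[m.group(1)] = (m.group(2).lower(), m.group(3).lower())
    problems = {}
    for ip in _normalize(peers_to_block):
        if ip not in table:
            problems[ip] = "no ARP entry (batch file did not run?)"
            continue
        mac, kind = table[ip]
        if kind != "static":
            problems[ip] = f"entry is {kind}, peer is reachable at {mac}"
        elif mac != NULL_MAC:
            problems[ip] = f"static entry points at {mac}"
    return problems


if __name__ == "__main__":
    for name, text in build_all(STAFF_PCS, PUBLIC_PCS).items():
        print(f"--- {name} ---")
        print(text, end="")
    for ip, problem in audit(SAMPLE_ARP_A, PUBLIC_PCS).items():
        print(f"NOT BLOCKED {ip}: {problem}")
```

Run the audit on each PC against the list it is supposed to block; an empty result means every listed peer is pinned.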

There ya go, the poor person's blocking between staff and public PCs.

Next week I'll make a few comments about Deep Freeze. It is the product that, IMHO, is the most cost effective money a library can spend to keep its PCs running.

Monday, March 14, 2011

Configure a Public PC

Good morning.

This weekend I configured a BTOP desktop PC for the North Lake County Public Library District in Polson. Since many of us are doing similar configurations, I thought this would be a good time to describe the steps I take to configure such a PC.

I had to set up 6 of these PCs. What I did was to configure one of them just the way I want it, and then create an image of that PC and copy that image to the other PCs. If you have more than a few PCs, it is a great time saver and it makes sure there is a consistent experience on each of the PCs so deployed.

What I describe here is simply how the master PC is configured. I do not describe the imaging procedure, or the restrictions I apply on a public PC. I use imagex and group policies respectively for these tasks. Both these tools are built into the Microsoft environment.

The accompanying document is not meant to be a step by step recipe for configuring the PC. It is simply a rather cryptic list of tasks, somewhat in the order they should be done. It requires a bit of familiarity with Windows 7, Microsoft domains, and installing applications. It is meant to be a fairly complete list of what needs to be done, but I confess that I have probably forgotten a task or two. I occasionally add a bit of explanation.

The public logon is named “inet” and the administrator’s logon is “acme”. If this process is done on a network with other PCs turned on, I always turn on “Block all incoming traffic” in the Sharing Center to minimize the chance of getting infected. Then unblock this before creating the image.

I use Deep Freeze on all public PCs at my day job and for all my clients. IMHO it is the most cost effective PC management money a library can spend. There is other “freezing” software, but I use this. Deep Freeze provides an area it calls Thawspace. Thawspace is a place that is not wiped when a PC is rebooted. I use it as the default location for “My Documents” so that patron documents can survive a reboot. I then use an automated procedure to delete contents of this folder on a regular basis, daily or weekly.

Some of these items are specific to the way I manage the environment so may not be appropriate to your environment, but you can use it as a starting point.

Here is the list.

Configuration of NLCPLD BTOP Optiplex 980 Public PC - March 12, 2011

W7 Pro 64 bit OS

Set PC name and temporary user during initial startup configuration

Set TCP/IP config for IPv4; turn IPv6 off

Set local admin password and enable

Join domain; add inet (the public user) to local administrators group

Confirm that Device Manager shows no problems

Set virtual memory to 2xRAM

Logon as inet

Install Office 2007 Pro Plus - Run all - no Outlook icon on desktop

Install MS Math 3.0, MS Streets & Trips

Install Adobe Reader-Flash-Shockwave; Install Java

Install Firefox, Google Earth, Picasa, Itunes/Quicktime

Place icons for auto repair, ibistro, infotrac on desktop

Place items on desktop: MS games folder (add in programs & Features), snipping tool, notepad

Keep Roxio Creator on desktop

Install Spybot, fprot

Do all Microsoft and application updates

Turn off all automatic updates (MS, java, adobe reader)

Activate windows

Set remote registry service to delayed start

Add acme & inet to Remote Desktop Users

Turn on file/print sharing

Confirm remote access to remote registry, file system, RDP

BIOS settings: password; WOL; no energy saving; boot order

Remove initial user and associated profile

Install Printers

Set default web/search in ie &ff, screen saver/power

Populate icons on desktop and set icon location, do initial start of all apps, set background, set ie to default browser

Make sure volume control is available in systray; test sound with headphones

Confirm flash drive can be removed gracefully

Logon as acme (The administrative user)

Create c:\port and set permissions to allow only acme access

Set default web, folder options, background, printer, screen saver, power

Install Deepfreeze and thaw

Log back into inet

After DF install: set mydocs to T: (only T in list), T icon on desktop, my docs icon on desktop

Run disk cleanup, defrag, and chkdsk

Confirm ARP Poisoning is working

Run fprot/spybot scans

Log back into acme

Remove inet from local administrator group

Leave deep freeze unfrozen

Sysprep to oob experience; do not generalize

Capture the image with imagex