The following was posted to Web4Lib this afternoon:
Subject: Disable USB drives on public computers
“This article provides a way to do this, while still allowing the use of USB peripherals such as mouse, keyboard or scanner. This only disables the storage drivers. This could have uses in preventing users from copying data from the computer, or running un-approved software from a portable device.”
The posting also included a link to the article which itself included downloadable software to make it even easier to disable a patron’s ability to use a USB drive. You may correctly assume that I’m not posting the link because I strongly disapprove of librarians doing any such thing. If you insist this is a must for your library you’ll need to go find the instructions and/or tool yourself as I’ll have no part in it.
The reasons for not disabling USB drive access are:
- If you’re storing sensitive data on a computer that the public has access to, you’ve got bigger security issues to deal with than USB drives.
- As a patron I want to be able to run my copy of Portable Firefox so I can use my browser, have access to my extensions, and use my bookmarks. Deny me that right and you’ll have an irate patron on your hands. Such apps are doing nothing to your computer so there’s no reason to keep me from doing it.
- I want to save what I’ve found while on your computer since I don’t have the money to pay for printouts. Better yet, I want to save that download which can’t be printed nor will it fit on a floppy.
- Most importantly, my data is stored on my USB drive and if you allow someone to use a floppy disk, why am I denied the ability to use my USB drive. Hey, my paper’s due tomorrow and my home computer’s busted.
There are arguments for denying the USB of USB drives. They are:
- Someone could boot from the USB drive and completely wipe out the system and/or compromise network security.
- Someone could install malicious software from their USB drive onto the library’s computer.
Well there are solutions to both of these potential hazards that do not involve denying all of the legitimate uses of these devices. In the case of the first potential problem, set the computer’s BIOS to only boot from the hard drive (as you should have already done to prevent people from booting from floppies,) and set a password on the BIOS to prevent anyone from changing those settings. (Again, something you should already have done. Potential problem number one solved.
As for potential problem number two; use something like Windows Dish Protection, Centurion Guard, or, my personal favorite, Deep Freeze. If someone installs something on your computer, just reboot and it’s gone. Potential problem number two solved.
So, answer the question I posed in the title of this post, there’s no security risk from USB drives that can’t be solved in ways that won’t also hurt the other 99% of your patrons.
I’ve been informed that LC has made some changes and catalogers are pissed. Here’s a petition to Prevent the Library of Congress From Abandoning the Creation of Series Authority Records. Here’s the opening paragraph of the petition:
“On April 20, 2006, the Library of Congress announced to the library community, via a member-only e-mail list for the Program for Cooperative Cataloging (PCC), that on May 1st, 2006, it would cease creating series authority records as part of the Library of Congress (LC) cataloging. There was no prior indication of this deleterious cataloging policy change to any other bibliographic entity including the Online Computer Library Center (OCLC), to our knowledge, nor any discussion regarding its impact on the library community. The manner of communication prohibited any feedback from library communities regarding the decision, as there was no possibility given of reducing the effect of this decision by opening discussion for amelioration, or delaying the decision until libraries could address the change in their cataloging and online catalogs. The practically immediate enactment of this change gives libraries no chance to change their online catalog indexing methods to recover from the removal of series access and authority control in LC cataloged records. This extreme policy change directly and negatively affects the daily cataloging and series public access functions of many thousands of libraries in the U.S. and worldwide.”
via SuzyQ
(Though I’ve got to admit this is all over my head.)
Today I was pointed to the GotVoice Web site which will check your voicemail for you and e-mail you your messages as MP3 attachments for free. I’ve got to admit this sounds very slick but I have my cell phone with me at all times so I hardly need to receive those messages via e-mail. Now, my home phone however, that’s another story. I never take that on the road with me and I rarely remember to check those messages. (Granted, anyone who I actually want to get a hold of me while I’m on the road either knows to e-mail me or has my cell phone number.) Trouble is, I don’t have voicemail for my home phone, I have an answering machine. I didn’t think this would work but I’d see how far I could get through the process before this was confirmed.
So, I clicked on the sign up link and I’m asked to select the type of voicemail service that I wish to connect to a GotVoice account. There are four choices to choose from: Home Phone Voicemail, Cellular Phone Voicemail, Home Answering Machine, and VoIP / Digital Phone. What! Can this system actually work with a home answering machine? Well, I picked that option and received the following response:
No, it doesn’t work with home answering machines. So, here’s the obvious question: if it doesn’t work why is it an option? Just don’t list it or tell me up front that it doesn’t work. Don’t give your user false hope only to dash those hopes seconds later. Not only is that poor Web site usability, it’s horrible customer relations.
I’ve been using A9 as my default search engine for more than a year now and I’ve been perfectly happy with the results. (Yes, I started using it because installing the toolbar gets me a small percentage off my Amazon.com purchases, but I’ve kept it because the results are good and it’s flexible, letting me get results from the Web, flickr, and Wikipedia all at once.) This morning I noticed that it’s no longer pulling results from the Google database, it’s now pulling it’s results from Windows Live which is still in beta. (But then again, what isn’t these days?) I don’t know how this will effect results but I’m going to keep an eye on it to see if there’s any noticable differences.
UPDATE (later the same day): It turns out that not everyone has been switched to Windows Live. One of my co-workers still has Google as the default.
I’ve blogged about the silliness of these types of e-mail disclaimers before but this is the first time I’ve seen one at the bottom of an e-mail in two languages.
*******************************************************************
Tá eolas atá príobháideach agus rúnda sa ríomhphost seo
agus aon iatán a ghabhann leis agus is leis an duine/na daoine
sin amháin a bhfuil siad seolta chucu a bhaineann siad.
Mura seolaí thú, níl tú údaraithe an ríomhphost nó aon iatán
a ghabhann leis a léamh, a chóipáil ná a úsáid.
Má tá an ríomhphost seo faighte agat trí dhearmad,
cuir an seoltóir ar an eolas thrí aischur ríomhphoist
agus scrios ansin é le do thoil.
This e-mail and any attachment contains information which is
private and confidential and is intended for the addressee
only. If you are not an addressee, you are not authorised
to read, copy or use the e-mail or any attachment.
If you have received this e-mail in error, please notify
the sender by return e-mail and then destroy it.
******************************************************************
I’ve been the manager of the Friends of the Aurora Public Library Book Outlet for about four months now and a lot of change has occurred both in the organization and in the store itself as a result. Not everyone is happy about the changes and the issues are starting to come to a head in some cases. Not everything has been easy to deal with but I’m getting the job done as I see it. What this leads me to is the recent SirsiDynix Institute titled Workplace Culture: Building Positive and Productive Staff Relations. This one hour presentation covers many of the skills that a manager needs to make sure that everyone in an organization gets along and the job gets done. Much of what’s presented is common sense, but a refresher in this type of material, for managers at all levels of experience, never hurts.
I rarely make predictions but I’ve been making this one to myself for a few months now and I think an article about a 750GB hard drive for only $590 makes me feel safe enough to put this one to print. One terabyte hard drives will be commercially available to the public at a reasonable price by the end of 2006.
via SEB
I’ve been running ClustrMaps for two days now and the statistics are starting to come in. Honestly, more people are reading all this than I expected. However, the point of this post is to point out that the mapping feature is giving a few odd results. Most specifically, shown below, it seems that someone is accessing this blog from the Pacific ocean somewhere to the west of Indonesia. Go figure…
UPDATE 29 April 2006: The folks at ClustrMaps have confirmed that I need a geography lesson. That dot happens to represent visitors from Guam. (If that’s you, give a shout.)
Steven and Chrystie have completed the design of their survey on community building. Please give them a hand and a few minutes of your time.
