Reader Advisory For the Kid Who Has Read It All

By Olivia Buck

As a library employee, a recurring question that I get asked is “What should I read next?” There are all kinds of resources available to us to find the next book or readalikes. On Bloomington Public Library’s online catalog, we have similar titles and authors listed beneath the titles of books to give our readers an idea for their next book. There are resources available on our website like NoveList and a recommended books page. And of course, there’s always user-friendly Goodreads to help out. But what do you do when your avid reader has read all the books on Goodreads’ similar authors list and Novelist is coming up with the same suggestions?

I recently was in this particular situation, helping a parent find a new title for his twelve year old son to read. He had just finished reading I Am Number Four by Pitacus Lore and was looking for something to read, but all our copies of the next book in the series were checked out. I started with one of the most popular authors for kids his age: Rick Riordan. He’d read every book and loved them. How about Harry Potter? They owned the books, but he didn’t really seem to be interested in them. I was about to suggest the Ranger’s Apprentice, but his dad said that he’d read those too. Every suggestion I had offhand for new ideas that might interest him, he’d already read.

So, I turned to NoveList and Goodreads searching for his favorite authors and read alikes. I tossed out suggestions I pulled from the list, but one after the other, they were batted away. Always the same response: He’s already read it.

In other situations I might have asked a coworker what their thoughts were, but I was the only person there. I started digging into my own reading history and tried to remember the teen books that I’ve read. I pulled out The Lunar Chronicles by Marissa Meyer, but fairy tale retellings weren’t his cup of tea. I suggested Renegades by Marissa Meyer as well, but all the copies were checked out due to the latest book having come out in November. I thought of the DC Icons series, suggesting Wonder Woman: Warbringer by Leigh Bardugo, but they were checked out too. How about the Inheritance Cycle by Christopher Paolini? He’d already read the entire series. His dad said that he liked historical fiction, so I suggested White Rose by Kip Wilson (our Bloomington Reads 2020 spotlight title) but all the copies were checked out. I suggested trying our ebook resources, but each of the titles were waitlisted on Libby as well. Striking out again and again, I felt at a loss. I’d reached the end of my ideas. Where else do you look if the kid has read it all?

After the fact, I asked a few of my coworkers, their thoughts. Had I missed some obvious reader’s advisory resource? Their ideas were much like my own. Check Goodreads and NoveList, suggest books you’ve read, ask other staff their reading suggestions. After speaking with our teen librarian, she suggested What Should I Read Next because it generates items by tags and you end up with a wider variety of titles based on your search. After having experimented with the website, I did find new titles and authors that neither NoveList or Goodreads suggested to me.

What resources do you use? Have you been in this situation before? How did you find the “next read” for the patron who has read it all?

Noteworthy 2020 YA Debut Authors

By Allison Riggs

While writing this blog post, I changed my mind about which books I wanted to highlight more times than I can count. There are just too many amazing-sounding YA books coming out this year! All I knew for sure was that I wanted to feature some upcoming 2020 young adult releases for collection development and readers’ advisory purposes. I was originally going to highlight some prequels and sequels, but I soon realized that those are already pretty well-known. Therefore, I finally decided on featuring some YA debut authors instead. I find that these titles are more likely to be missed and deserve the extra attention. Although I have not read any of these titles yet, I selected ones that sounded unique and that I think will be popular at my library.

For further reference, there is a website with a large list of YA and MG debut titles called Roaring 20s Debuts.

Woven in Moonlight by Isabel Ibañez

Release Date: January 7, 2020

“A lush tapestry of magic, romance, and revolución, drawing inspiration from Bolivian politics and history.” This Goodreads description along with the beautiful cover is enough to convince me that this needs to be on my shelf.

Nameless Queen by Rebecca McLaughlin

Release Date: January 7, 2020

An unknown citizen becomes the queen, and everyone wants her dead. I think fantasy readers, especially fans of Red Queen, will want to read this one.

No True Believers by Rabiah York Lumbard

Release Date: February 11, 2020

“Fans of the riveting mystery in Courtney Summers’s Sadie and the themes of race and religion in Samira Ahmed’s Internment will be captivated by this exploration of the intersection of Islamaphobia and white supremacy as an American Muslim teen is forced to confront hatred and hidden danger when she is framed for a terrorist act she did not commit.”

The Lucky Ones by Liz Lawson

Release Date: April 7, 2020

“For fans of Thirteen Reasons Why, This Is How It Ends, and All the Bright Places, comes a new novel about life after. How do you put yourself back together when it seems like you’ve lost it all?”

The Perfect Escape by Suzanne Park

Release Date: April 7, 2020

Nate and Kate hit it off when they meet at a zombie-themed escape room and then decided to participate in a survivalist competition together for a big cash prize. This title sounds unique and like it’s going to be a whole lot of fun.

The Henna Wars by Adiba Jaigirdar

Release Date: May 12, 2020

This title is promoting itself as a mix of When Dimple Met Rishi and Simon vs. The Homo Sapiens Agenda. What more could you want?

Libraries & Leaky Data: Part 2

By Aaron Skog

In my first post of the series “Libraries & Leaky Data,” I provided an overview of how libraries are accumulating patron information in a variety of “hidden” areas of the library. I noted that if a library were to be subject to a ransomware attack, it is possible that patron information could be stolen from machines dedicated to print release, computer reservation, or self-checkout. For the second part of this series, I will explain how libraries are passing data through their networks and through the internet insecurely.

First, it is important to understand that data traversing the internet from one server location to another are by default insecure unless measures are taken to secure those transactions. So a library patron logging onto their OverDrive account to search and get ebooks is in good shape because the OverDrive website utilizes HTTPS, correct?

Not necessarily. What many libraries are doing is providing this authentication on the back-end of this transaction without any security whatsoever. So the patron actually might submit their barcode and PIN via HTTPS, but the communication back to the library’s integrated library system (ILS) from the vendor, e.g. OverDrive, is likely using SIP2 to verify this barcode and PIN. The back-end communication does this without HTTPS or a VPN to protect that transmission. This creates the illusion of data security to the public, but the reality is the library’s go-to protocol (most likely SIP2) for 3rd party connections are usually deployed without any secure communication in place.

Description: Library Data Communication Diagram

What this means is that for every patron login with OverDrive, the OverDrive servers verify back to the library’s ILS using insecure methods (no HTTPS at all) and the ILS sends a trove of patron data back to OverDrive in plain text. Here are the 10 patron fields of information shared within a single SIP2 patron authentication query.

  1. User’s barcode
  2. User’s PIN/password
  3. User’s full name
  4. Address
  5. Email address
  6. Phone number
  7. Birthdate
  8. Gender
  9. Age category
  10. Fines owed

This problem isn’t just with OverDrive but it is with nearly every 3rd party hosted service a library is using. If your library is authenticating with SIP2, the chances are that your other hosted services such as room reservation are doing the same thing: showing a HTTPS on the patron/staff interface, but communicating without any security on the back-end.

Making matters worse, this insecure communication problem is also inherent with our ILS platforms. The ILS staff client communicating back to the ILS server is another source of data being sent back and forth with potential insecure means. Some ILS platforms handle this well from a security standpoint, e.g. Polaris utilizes encryption within a remote desktop client. Other staff ILS clients require additional layers of security to prevent the client from sending or requesting data from the server in an insecure transaction. ILS platforms such as Symphony or Sierra utilize a staff client that will pass data back to the ILS server in plain text. Some of the newer web-based staff clients such as SirsiDynix BLUEcloud, Polaris LEAP, Evergreen, or Ex Libris Alma utilize the HTTPS security on the staff client, which is the ideal secure communication as it is end-to-end and requires no intermediate network security such as the VPN or VLAN.

How can we improve our library data security? I will outline the various approaches to improve and protect library data transmission in part 3 of this series.

2019 Program Rewind

By Olivia Buck

One of my favorite things about working at a public library is that we do so much more than just books; we also offer so many amazing programs to our patrons! I love hearing about the creative ways that libraries are engaging with our communities. Reading about the cool programs that my other library friends are working on at their own libraries always brings a smile to my face. As 2019 draws to an end, I thought it might be a good chance to list some of the exciting programs that Bloomington Public Library has offered this year.

● Tales for Tails

Trained and certified therapy dogs are paired with children grades K-5 who want to practice reading aloud. The dogs are accompanied by their handlers at all times while enjoying the attention and listening to kids read to them.

Tales for Tails

● Booo-kmobile and Halloween Parade

Kids of all ages braved the cold and snow this Halloween during our annual Halloween Parade and Story Time. The parade took kids around the library and ended with a special Halloween Story Time in our Community Room. Crafts were available for kids to make in the Children’s Department. Kids journeyed outside and onto our Bookmobile which was decorated for Halloween including spooky music, spiders, bats, and cobwebs. On the Booo-kmobile kids met library staff (myself included) dressed up as the Three Little Pigs and played games like pin the tail on the Big Bad Wolf and a Halloween-themed I Spy.

● Beginner Spanish Language Classes

Patrons age 7 and up that were interested in learning Spanish joined us for free introductory Spanish classes taught by the Modern Language Culture Institute. Each class covered two topics and included hands-on activities. Topics included: Greetings, the alphabet/months/days, family members, and body parts.

● Girls Who Code

Girls Who Code is a nationwide, nonprofit organization which aims to increase the number of women in computer science related fields. The organization promotes safe, fun environments to build computer programming skills and confidence. In a series of nine sessions, teens learned fundamental concepts of loops, variables, conditionals, and functions that form the basics of all computer programming languages. Participants grades 6 – 12 learned to work as a team.

Girls Who Code

● Spy vs. Spy

Bloomington Public Library and Normal Public Library teamed up to bring a fun program to teens in our area. Teens learned the basics of cryptography and code breaking while working with team members and competing against other teams to find clues, defeat a laser maze, and win prizes.

● Sparkling Grape Juice and a Masterpiece (for Teens)

In this highly popular program, teens attended a two-hour paint class in which an instructor creates a painting while the participants follow along to create similar paintings. As they painted, teens enjoyed light refreshments. All participants walked away with their own unique masterpiece.

Sparkling Grape Juice and a Masterpiece

● Dance the Nights Away

In this series of four events, dance instructors from a local studio offered free dance lessons in four different styles. Patrons have enjoyed dancing the waltz and salsa as well as learning the fox trot and how to swing dance.

Dance the Nights Away

● Bloomington Reads

In an annual programming series starting in March and ending during National Library Week, Bloomington Public Library held a community reading event for the spotlight title Heads of the Colored People by Nafissa Thompson-Spires. Events included a short story writing workshop, a self portrait collage program led by a mixed-media artist, and an introduction to graphic novel design. As a part of this series, we partnered with Next to Normal Story Slam on a program where local storytellers shared their personal stories around the theme “The Real You: Who Does the World See and Who is the Real You?” The programming series ended with an author visit. Thompson-Spires, a professor at the University of Illinois, visited Bloomington Public Library to share about her short story collection, including a Q & A session and book signing.

Bloomington Reads

● How-To Festival

At this event, patrons had the opportunity to learn a variety of skills and crafts by stopping at stations set up throughout the library. A mixture of volunteers and library staff provided a range of topics for all ages. A firefighter taught hands-only CPR, the Music Shoppe taught how to play classical guitar and the ukulele, a volunteer taught kitchen knife skills, the Ecology Action Center taught how to recycle and compost, and I personally taught attendees how to create black out poetry and how to write short stories.

● Murder Mystery Party

In celebration of Halloween, registered participants gathered together in our Community Room in order to figure out who committed murder! When registering, patrons answered a questionnaire that asked questions like which gender (if any) character they would be interested in playing, as well as questions to help match them up with a role they would be interested in. An email with each participant’s role was sent out about two weeks ahead of time to give people time to think about their role and get excited about the program. Participants were encouraged to wear costumes to inspire them for their role throughout the party.

Murder Mystery Party

● Local Author Fair

Over twenty authors from McLean County were stationed throughout the library in celebration of National Novel Writing Month (NaNoWriMo). Patrons could stop by to speak with them about their books and the craft of writing. Authors presented various genres of books at the fair and were able to provide tips about the publishing process.

¿Hablas español?: Serving Spanish-Speaking Patrons at Bloomington Public Library

By Olivia Buck

It can be difficult for libraries to reach out to the members of our communities who speak a language other than English. Not all staff members can communicate with patrons who speak other languages, the patrons may not understand the speakers at our programs, documents can’t be translated into every language we may need, etc. As someone who minored in Spanish in school (and someone who is passionate about languages in general), I have spent time trying to think of new ways to reach out to those who primarily speak Spanish (or other languages). I am always excited to hear about the ways that we can serve these members of our community.

I talked to several staff members at my library to create a list of all the various ways we reach out to non-English speaking members of our community. Below you will find a list of the various methods our library has used in order to try to engage with the non-English speakers in our area.

  • Self-Checkouts have a Spanish language option available.

Patrons can tap a button that allows them to use the self-checkout in Spanish. This way they can easily checkout, view their accounts, and renew their items.

  • Spanish Checkout Guides and Marketing

At BPL, we have had a Spanish Checkout Guide for many years. The guide introduces new patrons to our services and library card policies. When signing up new cardholders, I have used this to help me explain the card in a way that will make the most sense to Spanish-speaking patrons. We have also translated some of our Summer Reading Program documents into Spanish.

  • World Language Collections

Our World Language Collections include a variety of languages including Spanish, French, German, Hindi, Tagalog, and several others. We have materials for patrons of all ages which include books, movies, music, and audiobooks. We also have e-books and e-audiobooks available in Spanish for our patrons to check out online.

  • Language Learning Resources

Our library has a variety of language learning resources available to our patrons. In addition to books, movies, and audio CDs, we have online resources available as well. These include: Duolingo, Mango Languages, Sign Language 101, and Transparent Language Online.

  • Programming

Our library has hosted various programs that may appeal to those of other cultures and backgrounds. Examples include the following: Celebration of India, Día de los niños, and the Chinese Mid-Autumn Moon Festival.

Our library’s Outreach Library Associate also attends various community events that reach out to groups of people the library may not have contact with otherwise. She has attended meetings with a group called Conexiones Latinas de McLean County and signed up library cards for ESL students at the nearby community college.

  • Spanish Book Club

In February 2019, Bloomington Public Library started a Spanish Book Club (club de lectura en español). As the name suggests, the selected book is written in Spanish and the book discussion is largely in Spanish as well. Discussed titles have included Mi negro pasado, Más allá del invierno, and others. The club is facilitated by a Spanish Literature professor from a nearby university. The Spanish Book Clubs have been well attended, by both native speakers as well as a few attendees who were learning Spanish. The participants come from all different backgrounds including patrons originally from Columbia, Guatemala, Mexico, and other Spanish-speaking countries. Attendees have expressed excitement about the book club. In fact, they have organized their own meetings outside of the library and have put together a Facebook group to keep up with members of the book club. At the first meeting of the book club, approximately 50% of attendees had never had a library card before, and signed up for a card that day.

  • Foreign Language Contacts

On our staff webpage, we have compiled a list of staff members who speak other languages. The staff members volunteered to be a point of contact for patrons who speak various languages. Currently these languages include Spanish, Italian, and German. It has been a helpful resource. As a Spanish language contact, I have been called upon to help Spanish speakers sign up for library cards, inquire about lost or damaged items on their accounts, assist with computers and printing, and a variety of other topics.

Public Libraries Versus the Echo Chamber

By Don McKay

The provocatively titled book Bowling Alone uses declining participation in bowling leagues to illustrate the erosion of in-person social intercourse in America. The author blames this development on technologies like television and the internet that make it easy to spend our leisure time alone. Since the book’s publication in 2000, social media and our ability to curate what we read, watch and listen to when and where we want have accelerated expectations for individualized experience. We are increasingly aware of the consequences, good and bad.

One consequence that may be personally satisfying, but socially harmful, is the “echo chamber,” that popular metaphor for a closed system that amplifies or reinforces a certain, often narrow, point of view. The term may be new, but echo chambers are not—they seem part of that tribal mentality inseparable from the human condition. What is new is the social influence exerted by echo chambers that are nourished by the internet. Echo chambers are designed to exclude and polarization naturally follows.

Public libraries are an antidote to echo chambers. They are inclusive institutions—they literally welcome everyone. They have a democratizing influence by providing access to resources we may be otherwise excluded from by lack of income or social status, resources that help us better ourselves and our communities. By design, public libraries have resources for all but the most extreme interests and points of view.

Unlike the exclusivity favored by echo chambers, public libraries embrace individualized experience to foster inclusivity. This has not always been obvious. Post-war libraries were designed as homogenous environments that differentiated between children, teens and adults only in the types of collections found on the shelves. Just as post-war educational models gave way to new models intended for the digital age, so did public libraries’ services and environments evolve to meet new societal needs.

Today’s public libraries feature differentiated environments that support individualized experiences for children, teens, adults and the elderly, for school students and the home-schooled, for businesses and the unemployed, for book clubs and artists, for readers and makers. In light of the loss of in-person social intercourse cited by Bowling Alone, public library environments offer a significant, if unanticipated, benefit—they are physical places, settings for in-person social interaction.

Public libraries seem to have intuitively recognized the advantage of being a public place, but they have struggled to explain it. ‘Community center’ is one popular characterization that public libraries have used to rebrand themselves, but this, while true, fails to distinguish libraries from park district and other facilities that claim a similar role. The recent characterization of public libraries role in our ‘social infrastructure’ comes closer to the mark, adapting the widely understood concept of physical infrastructure to a less tangible, but equally important type of infrastructure.

The more we embed ourselves in virtual social worlds, the more we may appreciate the value of real places. As algorithms increasingly guide us to everything from music to dates that fit safely within our comfort zones, real places like public libraries will become more important for in-person social intercourse, often unpredictable, that is necessary for a healthy and civil democracy.

Libraries & Leaky Data: Part 1

By Aaron Skog

The ILA Best Practices Committee has recently been tasked with studying the issues of patron privacy around the use of printed hold wrappers in public areas. It is good to see a focus on the most obvious aspects of protecting patron’s privacy since having a patron’s full name stuck on a book in a public area is just an outright problem when you think about it. If we attempt to square this practice with the widespread acceptance that a patron’s reading habits and their history of checkouts must be protected from other prying eyes (such as government agencies or various Freedom of Information requests) we see the difficult balance between providing convenience and adherence to privacy. There are however, other areas within library services where the patron data being “leaked” is not as easy to see as a hold wrapper printed with a patron name. These sources of data leaks can be found within the software ecosystem used commonly throughout libraries.

What are these potential sources of library data being leaked? Below are some of the more widely used pieces of library technology which potentially have your library patron data or require accessing your patron data at some point within their functions.

  • Integrated Library System
  • Discovery OPAC
  • Self-checks
  • Computer Reservation
  • Print Stations
  • Automated Material Handlers (AMH)

All of these software systems either by design or through its back-end structure may collect patron information within their databases or software logging process. These systems can run for years, quietly collecting data, as they sit somewhat inconspicuously on the library network.

The worst culprit within the library software ecosystem for leaking patron information into your library network is the Standard Interchange Protocol, otherwise known as SIP2. The widespread use of SIP2 was due to our need for standardization of data exchanges between library software systems. This led somewhat innocently to the SIP2 protocol being used far and wide in library technology. Nearly every software vendor that wants to sell a software services to any library will use or work with SIP2. Any library software service that queries the ILS can do this through the use of SIP2, so the adoption by libraries of SIP2 on their networks is near universal.

How bad is SIP2 in terms of data security? Pretty bad in terms of how it is typically deployed “out of the box” within library networks. Here are the 10 patron fields of information shared within a single SIP2 patron authentication query.

  1. User’s barcode
  2. User’s PIN/password
  3. User’s full name
  4. Address
  5. Email address
  6. Phone number
  7. Birthdate
  8. Gender
  9. Age category
  10. Fines owed

A single query to see if a patron can gain access to a library computer or to a service will send all 10 fields of patron across the network regardless of only needing to verify if the patron is in “good standing.” It doesn’t matter if the service only needs to see one of the fields: SIP2 sends all 10 fields of data in response to a query.

With the widespread use of SIP2 protocol within library networks and the preponderance of various systems within the library such as multiple self-check stations or print stations, all of which likely use SIP2 to talk to the ILS, you have a lot of patron data being sent around the library network. Making this problem worse, all of these data fields are sent in plain text, which includes the patron’s PIN/password. Many systems software logging processes will save every SIP2 transaction into a file that can easily have hundreds of patron’s passwords and potentially thousands of transactions showing a patron checking out an item. These computer stations typically utilize local logging or small-scale databases for the purposes of providing libraries statistics on usage at the individual stations. Unless active measures are undertaken to purge logs and remove data collected, libraries have patron data stored throughout library desktops and servers beyond the typically more secure ILS.

It is usually at this stage of describing the problem where there is some questioning  on the severity of the issue. Some folks will minimize the likelihood of this data getting hacked or stolen from the library network. Or they will take solace in the library being a small, unworthy target for any malicious intent. While it is true we have been largely helped by the fact we are a small, perhaps less juicy, target of a data hack, the network data attacks have now reached a more ruthless level. These ransomware attacks simply do not care who their target is and go through an automatically scripted series of software exploits to hijack any computer or server and steal/password encrypt its local data for ransom. This has occurred at the National Health System in the United Kingdom, dozens of countries government networks, and more recently the Baltimore City’s servers. It has even happened to public libraries.

We can no longer sit idly by and wait for the data to be stolen under this scenario and the ensuing PR and financial liability nightmare to befall us. If this were to happen to a library, wouldn’t it be better to know that the only source of patron data available was at a single point on your network rather than dozens? Or that it was understood precisely where this patron data resides and to take better efforts to protect the data on that device? Over a series of blog posts, I will outline the steps to take to help libraries understand the network protocols, ILS configuration strategies, network design, storage and logging that should be considered when undertaking an overall audit of your library’s leaky data problem.