
Volume 9 Number 08 (August 1989)

Password management

Passwords are the first line of defense against unauthorized access to a computer system. For passwords to be an effective form of user authentication, some form of password management is required. The main considerations are that users select "good" passwords and that passwords are protected from compromise. They also should be changed at least quarterly, and the passwords of staff leaving the organization should be cancelled on the last date of employment.

A "good" password is easy to remember without being easy to guess. For example, characters from Dickens are easy to remember, but also easy to guess. One institution learned that the hard way when its most confidential files were retrieved by curious system users, themselves assigned characters from Dickens, keying in "Scrooge."

While a common method of seeking password security is to assign the passwords, rather than having individuals devise their own, that has its drawbacks. Aside from the problems of securely generating and distributing assigned passwords, the obvious shortfall is that users often find assigned passwords difficult to remember. If users resort to writing their passwords down or encoding them in their keyboard function keys, then a considerable risk of compromise is introduced.

Most organizations appear to allow users to select their own passwords. This is simpler and much more popular than password assignment. However, when password management is a diffused responsibility, password security may be more difficult to realize because staff may pick their initials, nicknames, or other easy-to-guess passwords. Therefore, some means of guiding the user selection of passwords must be provided. The following are six suggestions for managing passwords:

1) a minimum number of characters can be specified;
2) names and nicknames can be ruled out;
3) one might require at least two non-alphabetic characters, provided that they not be the last two digits of the year;
4) one might require a character replacement scheme. This is accomplished by using digits for letters, like replacing an "i" with a "1," or an "o" with a "0," and "s" with a "5," and so on. If the example above is used as a guide, ordinary English words can turn into unusual, but easy-to-remember passwords. For example, using character replacement, the word "password" would be transformed into "pa55w0rd."
5) A shift can be required. Shifting means that the replacement character is "shifted" on the keyboard some number of characters to the left or the right. The shift can be applied in either direction and in varying levels of magnitude.
6) The password might be made up from the first letters of a phrase, provided it is not a famous one. For example, IDABR would be the password based on the phrase "I deserve a big raise."

Non-alphabetic characters, replacements, shifts, sentence schemes, plain old imagination--there are many ways to make good passwords. Still, the key is for all users to be aware of their responsibility to take password selection seriously, and to keep passwords absolutely confidential.
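The first four suggestions can be enforced mechanically when a user picks a password. The sketch below is an added example, not part of the original newsletter: the function names, the minimum length of 8, and the reading of suggestion 3 (year digits do not count toward the two non-alphabetic characters) are assumptions. It also goes one step beyond the text by undoing the digit-for-letter replacements before the name check, so that a name disguised with suggestion 4 is still ruled out under suggestion 2.

```python
# Suggestion 4's digit-for-letter scheme as the article gives it: i->1, o->0, s->5.
REPLACEMENTS = {"i": "1", "o": "0", "s": "5"}
FORWARD = str.maketrans(REPLACEMENTS)
UNDO = str.maketrans({digit: letter for letter, digit in REPLACEMENTS.items()})

MIN_LENGTH = 8  # assumed value; the article only says a minimum can be specified


def apply_replacement(word):
    """Suggestion 4: turn an ordinary word into its digit-substituted form."""
    return word.lower().translate(FORWARD)


def check_password(candidate, names, year, min_length=MIN_LENGTH):
    """Return the list of rules the candidate breaks (empty list = acceptable).

    names: the user's names, nicknames and initials (hypothetical input).
    year:  the current four-digit year, used for suggestion 3.
    """
    problems = []

    # Suggestion 1: a minimum number of characters.
    if len(candidate) < min_length:
        problems.append(f"shorter than {min_length} characters")

    # Suggestion 2: names and nicknames are ruled out. The comparison is
    # case-insensitive and is repeated after reversing the suggestion-4
    # replacements, so "5cr00ge" is still recognised as "scrooge".
    lowered = candidate.lower()
    undone = lowered.translate(UNDO)
    for name in names:
        needle = name.lower()
        if needle and (needle in lowered or needle in undone):
            problems.append("contains a name or nickname")
            break

    # Suggestion 3: at least two non-alphabetic characters, and the last two
    # digits of the year do not count (assumed interpretation): remove them
    # first, then count what is left.
    year_digits = f"{year % 100:02d}"
    remainder = candidate.replace(year_digits, "")
    non_alpha = sum(1 for ch in remainder if not ch.isalpha())
    if non_alpha < 2:
        problems.append("needs two non-alphabetic characters besides the year digits")

    return problems


if __name__ == "__main__":
    # Constructed sample candidates, checked for a user whose assigned
    # name is "Scrooge" in the year the article was published.
    for pw in ("pa55w0rd", "5cr00ge89", "scrooge89", "ab1"):
        print(pw, "->", check_password(pw, ["Scrooge"], 1989) or "ok")
```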

Geac moves headquarters

Geac has a new corporate head office in Markham, Ontario. After many years on Steelcase Road, library division and corporate executive offices moved this June to new quarters in Markham's "Corporate Campus" development. The new offices are within walking distance of Geac's Valleywood Drive manufacturing plant.

Any mail which would have been addressed to the Steelcase Road office should be sent to: Geac; Suite 300, 11 Allstate Parkway; Markham, Ontario; L3R 9T8.

International Library Systems takes over Sydney

International Library Systems Corporation has been granted exclusive North American distribution rights for the Sydney Library System. Created by former members of the Library Group of Sydney Development Corporation, this new company is solely responsible for all aspects of its sales, marketing, training, support, and development. Sydney employees who were involved in the development and support of the Sydney Library System have all joined the new company.

Sydney Development Corporation decided last February to discontinue sales and development of the Sydney Library System and has recently declared bankruptcy. The Sydney Library System is now installed in 400 sites worldwide.

[Contact: International Library Systems Corporation, 3701 Inglewood Ave., Suite 167, Redondo Beach, CA 90278; (213) 370-5654.]

CompendexPlus on NOTIS

Engineering Information, Inc. (Ei), a not-for-profit information service dedicated to the worldwide dissemination of literature in all of the engineering and technical disciplines, and NOTIS have announced the signing of an agreement to offer CompendexPlus tapes on the NOTIS system effective immediately. Ei data base tapes will be available to NOTIS installations through special software developed by NOTIS for loading, storage and retrieval using the same procedures and commands as the NOTIS online catalog. NOTIS has also added several features for these data bases, including Boolean logic and special indexing.

Earlier, Ei had announced significant changes in its pricing structure to encourage wider use of its electronic data bases on individual in-house retrieval systems. The pricing concept will now be extended to multi-user in-house retrieval systems. The new pricing applies to all of the data bases published by Ei. These files include CompendexPlus, an integrated data base offering descriptive abstracts and bibliographic information for both the periodical engineering literature and conference proceedings; Compendex, covering the periodical engineering literature exclusively; Ei Engineering Meetings, covering conference proceedings; and the Engineering & Industrial Software Directory, third edition, just published.

[Contact: Ei, (800) 221-1044 or in New York (212) 705-7600.]

AVIAC report

AVIAC, the Automation Vendors Interface Advisory Committee, held its semi-annual meeting June 26th in Dallas. Attendees heard a progress report from the group which is working on a patron record standard (NISO SC LL). An initial draft is expected within a year. It also learned that the PLA/Community Information Section Technology Committee has completed work on data elements for information and referral files. It will next deal with formats. The most encouraging report was that the Common Command Language standard may be completed before the end of 1989. The two negative votes apparently are being resolved and submission to the American National Standards Institute can now be scheduled.

There was considerable discussion about MARC output verification. Should LC--or another agency--test records output by local library systems and certify whether they conform to the MARC format? The inconclusive nature of the discussion suggests that a special meeting on the topic may be necessary. There appeared to be agreement that at a minimum LC should prepare and sell a test package that vendors could use to do their own testing. LC made no commitment other than to project completion of its own deliberations by late summer, and to provide AVIAC participants with a paper to facilitate further discussion.

Online '89 scheduled

Online '89 will be held at Chicago's Palmer House Hotel from November 7-9, 1989. The preliminary program is now available. Scheduled are three half-day sessions for online searchers, two sessions for data base/Microcomputing users, two sessions for CD-ROM and optical system users, one session for network managers and planners, and a full day of sessions for information managers. Registration before October 2 is $325. In addition, two satellite sessions for choosing microcomputer software for in-house data bases and selection and management of CD-ROM are separately priced at $125 and $150.

[Contact: Online Inc., 11 Tannery Lane, Weston, CT 06883; (800) 248-8466.]

LC reduces select MARC prices

Select MARC, the Library of Congress Cataloging Distribution Service's retrospective conversion program, has been revamped to reduce its costs. Customers may now request records in machine-readable format from the following five Library of Congress MARC Distribution Service (MDS) data base files: books, serials, maps, music, and visual materials.

Instead of paying a fee for each file search, all five files are searched for a single base fee of $300. There is still a charge for each record retrieved depending on the form of input provided to CDS. Tape input is 1 cent per record, floppy diskette input is 2 cents per record, and the hard copy charge is 8 cents per record.

[Contact: Cataloging Distribution Service, Library of Congress, Washington, D.C. 20541; (202) 707-1170.]

Waldenbooks, Dalton, Ingram, B&T announce electronic ordering plans

At the May 19, 1989, meeting of the Book Industry Systems Advisory Committee (BISAC), Russell J. Balletto, BISAC Chairperson, announced that the two major bookstore chains, Waldenbooks and B. Dalton, will be working with wholesalers Ingram and Baker & Taylor to develop a network and formats for telecommunications with their trading partners. Their plans include surveying their top 300 to 400 vendors to determine their computer and telecommunication capabilities. Concurrently, they will select among several organizations offering third-party electronic data interchange (EDI) networking capabilities. These networks currently support, on a more economical basis, the purchasing-related transaction formats developed by Accredited Standards Committee (ASC) X12, Business Data Interchange, rather than those developed by BISAC. The four companies will be reviewing the ASC X12 order, order acknowledgement and invoice transaction sets to determine the data elements appropriate for the book trade.

Waldenbooks and B. Dalton currently send orders to many publishers and receive invoices from them on computer tape in the computer-to-computer formats developed by BISAC. Waldenbooks has begun online telecommunications with Random House and Harper & Row. B. Dalton, Ingram and Baker & Taylor as well as Waldenbooks are interested in taking advantage of comparable savings with other vendors within and beyond the book industry.

In a letter to Balletto, Hank Fisher, Executive Vice President and Chief Financial Officer of Waldenbooks, stated, "We as a group are committed to work within BISAC." Reportedly, they will continue to support the current BISAC standard until the new X12 standard is implemented, and they requested "BISAC's support in our efforts and to endorse ANSI X12 (formats) as its future communication standard." Sandra Paul, Managing Agent for BISAC's parent organization, the Book Industry Study Group, agreed to apply for membership in ASC X12 on behalf of BISAC, with initial financial support from the four companies.

Paul acknowledged the growing use of X12 formats for national and international EDI, but expressed concern that "BISAC's library constituency has traditionally used a format based on ANSI Z39.2, Bibliographic Data Interchange." Paul suggested that BISAC's library members be made aware of Waldenbooks, B. Dalton, Ingram and Baker & Taylor's decision before any BISAC position on the X12 formats is finalized.

[Contact: Book Industry Study Group, 160 Fifth Avenue, New York, NY 10010; (212) 929-1393. Data Interchange Standards Association, Suite 355, 1800 Diagonal Rd., Alexandria, VA 22314; (703) 548-7005.]

Is online ordering legal?

The increasing prospect of online ordering has raised the question of whether the contracts derived from these orders are enforceable. The uncertainties arise from the longstanding Uniform Commercial Code, which--in whole or in part--governs commercial transactions in every U.S. state. The crux of the problem is Section 2-201(1) of the UCC's Statute of Frauds which provides that any contract for goods valued at $500 or more is not legally enforceable unless there is writing "sufficient to indicate a contract for sale has been made between the parties" and it has been "signed by the party against whom enforcement is sought." The "writing" must be in "tangible" form.

According to the legal counsels for several organizations, the best way to anticipate possible problems is to have a written agreement that both vendor and library agree to be bound by the electronic transactions transmitted between them over a specified time period, usually one year. In this way, a price quotation or order is legally binding even though it was not transmitted on paper in writing.

WORM storage

Libraries interested in building back-up or journal citation files on systems that support the SCSI interface can now consider WORM (write-once-read-many) optical media as a low-cost storage option. Two devices already on the market are Toshiba's 600MB 5.25 inch model SM-SO7O WORM drive for $3,595 and Hitachi's 600MB 5.25 inch WORM model OD112-l drive for under $5,000 (a unit which can be incorporated into a 30GB jukebox). Another entry into the market is a new third-party device which tricks any SCSI-bus-based computer into believing that a WORM drive is a Winchester unit. This trickster, known as an Optical Conversion Unit, is available from Ten X Technology, Inc., for $1,295. While currently only one WORM drive is supported, an upgrade to four drives is planned for late 1989. (See address at end of news note.) WORM technology compares very favorably with Winchester magnetic media and erasable optical media with regard to cost (device and media) and capacity, but still lags behind in access speed for multi-user systems as shown in the following comparison:

  • Winchester 5.25-inch disk
    26 msec. average access time
    765 MB capacity
    $10 per MB
  • Optical WORM 5.25-inch disk
    60 msec. access time
    1.6 GB capacity
    $3 per MB
  • Erasable optical 5.25-inch disk
    30-50 msec. access time
    1 GB capacity
    $12 per MB

The major firms in the WORM and erasable optical markets are Canon, Hitachi, Maxtor, Ricoh, Sharp and Sony. Approximately 7,000 units are expected to be shipped in 1989.

[Contact: Ten X Technology, Inc., 4807 Spicewood Springs Road, Bldg. 3, Suite 3200, Austin, TX 78759; (800) 922-9050.]

Telenet may be "assimilated"

Telenet, one of the major VANs (value added networks) used by libraries to access remote data bases, may be "assimilated" or merged into US Sprint. US Sprint offers voice and digital data services over a 25,000 mile route nationwide fiber optic network, while Telenet offers public packet-switching services in several dozen countries. The purpose of the merger appears to be the integration of product lines and the elimination of redundant operations such as planning, research and development, and sales. No change in rates or terms of service is planned. However, libraries may deal with a different sales representative than before.

RLG terminates arrangement with CLASS

Following a review this spring, in mid-May the Research Libraries Group notified the Cooperative Agency for Library Systems and Services (CLASS) that the agreement under which CLASS has provided services from RLG's library information system, RLIN, will terminate no later than September 15, 1989. RLG plans to provide direct support to all current and future users of RLIN services. These include RLG members and cooperative program participants; non-member libraries using the system's technical processing or public service facilities; and individual users who search the RLIN data bases.

RLG is already the direct provider of RLIN services to its 101 members and their multiple libraries, as well as to a number of federal libraries and individuals. The RLIN Information Center--which is responsible for providing information, help, and problem resolution in all aspects of RLIN use--is prepared to assist any users in planning for the coming service year. In addition to calling the toll-free number 800-537-RLIN, users can send electronic mail to the RLIN Information Center account BL.RIC@RLG.

The decision was based primarily on organizational needs of RLG and the economics of its relationship with CLASS.

RLG is restructuring its internal organization to provide comprehensive RLIN support.

[Contact: Jan James, Director, RLIN Support and User Relations, The Research Libraries Group, Inc., 1200 Villa Street, Mountain View, CA 94041-1100; (415) 962-9951.]

Infrared LAN

Cabling can represent half the cost of a Local Area Network (LAN). Now there is a way to avoid that expense. A 4.75-pound wall-mounted device, to be shipped in September, will make it possible to connect with a LAN without cabling. Photolink, which uses infrared (IR) light to send and receive signals from computers on a network, plugs into the back of a computer and clamps to the top of a cubicle wall. There is only one screw to tighten. From its perch, it projects an invisible seven-foot-diameter infrared spot onto the ceiling. Other computers in the area pick up the reflected signal with their Photolinks. If the beam is blocked or the unit gets jarred out of alignment, a red light signals "down status." A built-in error detector ensures against data loss even when transmission stops. Because it is not restricted by a cable bandwidth, a Photolink network is restricted only by the type of network being used. Since it is comparable with existing network protocols, the user needn't learn any new command structures.

Unlike radio-frequency schemes, IR connectivity is unaffected by electrical interference. It also is less expensive than spread-spectrum solutions, which require high-cost microwave facilities and a considerable amount of bandwidth.

The Photolinks due in September are for RS-232 and Appletalk/Localtalk connectivity. (Apple invested in Photonics in January 1988.) Token Ring and 3270 interfaces are slated for next year, with Ethernet to follow in 1991. One Photolink unit--with four nodes--lists for $995. RS-232 connections will also require a $995 concentrator.

[Contact: Photonics Corp., 200 E. Hacienda Ave., Campbell, CA 95008; (408) 370-3033.]

445 LePac units at LACPL

Brodart claims the world's largest CD-ROM-based patron access catalog installation with the addition of 355 LePac units at Los Angeles County Public Library, bringing the total installation to 445 units. The new catalog replaces a COM (computer-output-microform) catalog, which Brodart also had provided.

Brodart also is seeking to introduce LePac to the international market. It has signed a software licensing agreement for Jouve, SA of Paris to handle distribution and production of the CD-ROM public access catalog in Europe, Africa, and parts of the Middle East. As of June, 1989, Brodart Automation is headquartered in Williamsport, PA.

[Contact: Brodart Automation, 500 Arch Street, Williamsport, PA 17705; (800) 233-8467, ext. 640.]

Grolier CD-ROM now for Mac, too

The first encyclopedia on CD-ROM that works with both Macintosh and DOS computers is now available from Grolier Electronic Publishing. The New Electronic Encyclopedia includes full text from all 21 volumes of Grolier's Academic American Encyclopedia. The CD ROM is recorded in High Sierra format and can be read using either PC or Macintosh microcomputers.

The Macintosh version requires a different device driver and search engine than the PC version, and the interface will differ, although both platforms will use the same CD ROM disc. Current versions of the encyclopedia, which are available only for DOS systems, will not be compatible with the new disc. In some cases, however, the same CD-ROM drive can also be used on either a MAC or a PC.

The New Electronic Encyclopedia retails for $395.

[Contact: Grolier Electronic Publishing, Sherman Turnpike, Danbury, CT 06816; (800) 356-5590.]

Plain paper fax

A recent market survey by BIS CAP International has determined that 44 percent of fax users do not like coated thermal paper. Not only do they not like the difference in the feel of the paper, but they are concerned about discoloration of the paper if filed away. However, plain paper fax machines generally are expensive, with market leaders Ricoh and Sharp pegging laser-based fax machines at over $5,500. For those who want plain paper copying at a modest price, Canon has the FAX-630, a $3,495 machine. (One might also consider photocopying those faxes that are to be preserved.)

Fax, data, and voice on same line

Fax Line Manager, an automatic switch that directs fax, data and voice traffic to their proper destinations over a single telephone line, has been released by Technology Concepts, Inc. The product, aimed at infrequent fax and online users, connects directly to an existing telephone line. The product is available in two models, a two-function device which supports fax/data, fax/voice, or data/voice communication; and a three-function version that supports fax/data/voice communication. The two-function model is priced at $199, and the three-function model at $299.

[Contact: Technology Concepts, Inc., 951-2 Old Country Road, Suite 150, Belmont, CA 94002; (415) 349-0900.]

Nationwide directory on CD-ROM

SilverPlatter has introduced DiscAmerica, a set of CD-ROMs containing nearly 100 million residential and business names, addresses, and telephone numbers. The two-disc set is divided into Eastern and Western editions. SilverPlatter also has introduced DiscAmerica-Business, a single disc containing 10 million American business names, addresses, telephone numbers, and SIC (Standard Industrial Classification) codes.

Users can search DiscAmerica through personal computers equipped with a CD-ROM drive. The user enters the name of an individual or a business. Searches can be limited by state, city, street, or zip code. DiscAmerica-Business allows users to search for a specific business or a range of businesses by entering the name of the business, an SIC code, or address parameters. A typical search, for example, would allow users to enter an SIC code and a state to display addresses and telephone numbers for all newspapers in California. (Currently directory assistance operators are prohibited from searching for a particular type of business within a given geographic area, and their searches are limited to a narrow geographic area such as a city or area code.)

DiscAmerica is produced in conjunction with The Database America Companies, Englewood, New Jersey, a major supplier of services and products to the direct marketing industry. Sample discs are available upon request. On site demonstrations may also be arranged. All of the products will be available for shipment no later than October. DiscAmerica-Eastern and Western are available on a prepublication basis for $1,995 each, or $2,995 for both. DiscAmerica-Business is $2,995. All three are priced at $4,995. Subscriptions to the products include a mid-year update. Monthly updates are available at additional cost.

[Contact: SilverPlatter Directories, Inc., 20 Edenville Road, Warwick, NY 10990; (914) 986-2649; fax (914) 986-0258.]

PC software bestsellers

Lotus 1-2-3 continued to be the best selling PC software package in June, but WordPerfect 5.0 was a close second. Fastback Plus, Professional Write, and Harvard Graphics rounded out the top five. Six through ten were PC-DOS 3.3, ProComm Plus, Norton Utilities Advanced, Displaywrite 4, and dBase IV, according to the publishers of Software Magazine, a trade publication for software retailers.

Two-sided printers

Hewlett-Packard has expanded its popular line of PC-compatible printers by introducing the LaserJet IID, an addition to the LaserJet line of laser printers. Among the features of the LaserJet IID are two-sided (duplex) printing, two paper trays, an optional envelope feeder, and an enhanced font capability. The IID prints on both sides by printing the first side, flipping the paper, and then feeding it through the printer a second time. The printing speed is eight pages per minute. The printer automatically switches to the second paper tray when the first one empties, thus effectively doubling the paper capacity to 400 sheets. The IID's list price is $4,295.

[Contact: Hewlett-Packard Co., 19310 Pruneridge Ave., Cupertino, CA 95014; (800) 752-0900.]

"C" to become an ANSI standard language

After several years of discussion, ANSI Committee X3J11 has reported on the "C" Language Standard. While balloting was completed in March, there have been some delays in ratification. However, a published standard is expected within the next few weeks. An ANSI standard for "C," now the most popular language for library applications, will facilitate migration of software and in-house development of vendor produced software.

Virtual memory explained

We have been asked to explain "virtual memory." The writer had the impression that it is hardware, but it is not. Instead, virtual memory is a concept. The purpose is to allow the running of large programs in a relatively small physical memory space. It works by bringing segments of a program into a computer's main memory from disk storage as needed. When the program segments have been run, new program segments can be brought into the same memory space and overlaid on those previously brought in. The concept is used not only with microcomputers, but with machines of all sizes.


Publication Information


Publisher: Library Systems Newsletter was published by the American Library Association.
Editor-in-Chief: Howard S. White
Contributing Editor: Richard W. Boss
ISSN: 0277-0288
Publication Period: 1981-2000
Business model: Available on Library Technology Guides with permission of the American Library Association.