Monday (Tuesday) Briefing - October 12, 2021

Trustee Training Legislation Signed

After a long wait, the Governor has signed the legislation requiring members of a board of trustees of public, free association and Indian libraries to complete two hours of trustee education annually. This bill goes into effect immediately, however, the requirement for compliance begins January 1, 2023.

Training for Library Trustees

S4435B (May) / A6121B (Jean-Pierre) Status: Passed Senate & Assembly. Awaiting delivery to Governor.

If enacted, this bill would ensure that those choosing to serve their libraries as a trustee have comprehensive training, reflective of their communities, each year.

Source: https://www.nysenate.gov/legislation/bills/2021/S4435/amendment/B

Text in Bill

§ 260-d. Board of trustees continuing education. 1. Beginning January
4 first, two thousand twenty-three, each member, elected or appointed, of
5 a board of trustees of a public, free association or Indian library
6 shall be required to complete a minimum of two hours of trustee educa-
7 tion annually, from a provider approved by the commissioner on the
8 financial oversight, accountability, fiduciary responsibilities and the
9 general powers and duties of a library trustee. Such trustee education
10 may be delivered online or in person, and may include lectures, work-
11 shops, regional or national library association programs, or any other
12 format approved by the commissioner.
13 2. Each member shall demonstrate compliance with the requirements of
14 this section by filing with the president of the board of trustees
15 evidence of completion of trustee education from an approved provider.
16 Actual and necessary expenses incurred by a member in complying with
17 this section shall be a change against the library. Such evidence shall
18 include one of the following:

S. 4435--B 2
1 (a) certificates of completion issued by one or more approved provid-
2 ers; or
3 (b) a signed self-assurance of completion. Such assurance shall iden-
4 tify the approved trustee education providers, a description of the
5 format and content of the completed instruction activities, the date and
6 time such member began and completed each instruction activity and an
7 explanation of why a certificate of completion was not available from
8 such approved providers.
9 § 2. This act shall take effect immediately.

Source: https://legislation.nysenate.gov/pdf/bills/2021/S4435B

Annual Meeting and Trustee Election

Tomorrow night, Wednesday, October 13, 2021, at 6:00 PM, we will be holding an online Annual Meeting for the election of our System Trustees. Unlike previous years, this meeting will be strictly for the election and a few remarks from System leadership.

All member library trustees are eligible to participate in the election. We will be filling three positions, Ontario County, Livingston County, and Wyoming County. We have incumbents for Ontario and Livingston, however, no one is currently running for the Wyoming County position.

Governor Kathy Hochul's First 45 Days

On the New York State website , there is a good snapshot of Governor Hochul's first 45 days in office.

As the completion of her first 45-day mark approaches, Governor Kathy Hochul has hit the ground running to deliver immediate results and make government work for all New Yorkers.

Website Connection Issues? From Dan

You may have noticed some older devices have started having trouble connecting to websites, including PLS-hosted services, in the past week.

Let's Encrypt, which issues digital certificates to websites to enable HTTPS, updated their root certificate on October 1. Older devices that are no longer receiving updates from their manufacturer (such as older iPads, phones, laptops, etc.) will no longer be able to establish a secure connection to many websites because of this change.

PLS uses Let's Encrypt-issued certificates for our websites, Equinox uses Let's Encrypt-issued certificates for our installation of Evergreen, and OverDrive uses Let's Encrypt-issued certificates for their services, like Libby. For Libby specifically, OverDrive now requires iOS 10 or higher (https://help.libbyapp.com/en-us/6242.htm). If library staff or patrons encounter certificate errors on a desktop or laptop, they should attempt to update the browser.

Older web browsers and older devices will no longer be compatible with any of the approximately 260 million websites that use Let's Encrypt-issued certificates.

Book Challenges from Suzanne

There seems to be a growing number of book challenges in both school and public libraries that are increasing in seriousness. Awareness and a Collection Development Policy (that incudes a Request for Consideration of Library Materials) are the very first steps in being prepared for a challenge (as we always say, proactive vs. reactive). Below are some news articles as well as resources for you to review.

Book Challenges in the News

• Southlake, Texas, schools restrict classroom libraries after backlash over anti-racist book (talks about Texas but also summarizes several important incidents across the country)
• Wyoming librarians under fire for books about sex, LGBTQ (while most of the recent challenges have been at schools/school districts, this is a public library)
• Potential Criminal Charges Against Wyoming Librarians “Astounding Overreach” (response to previous story)
• The Fight to Ban Books (summary of the current influx of book challenges/bannings)
• A Note from Jerry Craft (author's response to one of the challenges outlined n the previous article)

Resources

• Handbook for Library Trustees of New York State: Intellectual Freedom, Censorship, and Privacy
• American Library Association's Freedom to Read Statement
• Pioneer Library System's Statement Regarding Intellectual Freedom and Censorship
• ALA Office for Intellectual Freedom
• Geneva Public Library Collection Development Policy
• Clifton Springs Library Collection Development Policy

Continuing Education from Suzanne

We have some great workshops coming up over the next few months. Here is a sample:

• Teaching Adults & Seniors , virtual, Tuesday, October 26 @ 3pm
• Creative Workshop with Author & Illustrator Brian Yanish, in-person, Tuesday, December 7 @ 1pm at PLSHQ OR Monday, December 13 @ 1pm at Livonia Public Library
• Setting Personal and Professional Goals , in-person, Friday, December 17 @ 10am (following the System Meeting)
• Social Media Sampler , virtual, Tuesday, January 18 @ 3pm
• OWWL Libraries Mock Newbery , in-person, Friday, January 21 @ 10am
• Notary Public Training, format TBD, Tuesday, February 1 @ 5:30pm AND Tuesday, February 8 @ 5:30pm (registrants must attend both sessions)

Visit the Events Calendar to view all workshops, read full class descriptions, and register.

<a href='https://docs.owwl.org/Members/ContinuingEducationWorkshops' rel='noopener nofollow noopener noreferrer nofollow noopener noreferrer' target='_blank'>The Continuing Education & Workshops page on OWWL Docs has been updated with the slides from the first two Adult Digital Literacy workshops</a> and additional links have been added to the Ganondagan field trip resources.

American Rescue Plan: Humanities Grants for Libraries from ALA

ALA invites libraries to apply for funding through its American Rescue Plan: Humanities Grants for Libraries opportunity, a grantmaking program to deliver relief to libraries recovering from the coronavirus pandemic.

With funding from the National Endowment for the Humanities (NEH) through the American Rescue Plan Act of 2021, ALA will distribute $2 million to help anchor libraries as strong humanities institutions as they emerge and rebuild from the coronavirus pandemic. The purpose of this emergency relief program is to assist libraries that have been adversely affected by the pandemic and require support to restore and sustain their core activities.

Up to 200 U.S. libraries of all types (e.g., public, tribal, K-12, academic, special, prison) and representing a broad range of communities will receive $10,000 through a competitive, peer-reviewed application process. Register for a free webinar to learn about the application.

ALA will accept applications from October 5 to December 2, 2021. Learn more and apply online.

Selected libraries will receive:

• $10,000 to support humanities functions of the libraries.
• One print copy of "Going Virtual: Programs and Insights from a Time of Crisis'' by Sarah Ostman for the ALA Public Programs Office (ALA Editions, 2021)
• Online resources and support

The general goals of this ARP opportunity include to help create or preserve jobs; support or maintain general operations; create or sustain humanities programs; and implement new humanities activities or sustain existing activities. Eligible expenses include salary and benefit support for library workers engaged in humanities activities; costs related to in-person or virtual humanities programming, such as book clubs and guest lectures; and marketing and advertising to support library humanities efforts.

Computer and Network Services (CANS) Dept. Situations

Reset Passwords Immediately

Important! Action may be required!

While reviewing the recent email hacking situation, we have discovered the long-term use of temporary passwords. Please see more details in the email sent by Bob to pls-l on 10/4/2021 just before 10:00am.

So far we have discovered 27 passwords similar to the above that have been compromised over 255 times and are openly available on the internet.

These are temporary passwords and should never be used past the first logon. If you still have one of these passwords in ANY system it needs to be changed immediately. Please open a ticket with support@pls-net.org if you need help resetting passwords.

Remember, these passwords should be at least 12 characters and reasonably complicated. Do not use the same password for multiple services. Everything should be unique.

Additionally, if your libcirc email accounts are using passwords that are several years old or are less than 12 characters long, they should be changed as well.

Internally we have already begun using randomly generated passwords for new accounts.

Password Requirements

• Passwords used to access PLS Information Systems that contain patron PII shall be:
  • Randomly generated;
  • At least 12 characters long;
  • Unique; and
  • Should contain some level of complexity.
• Examples of adequate passwords include:
  • A “diceware” password (a string of randomly generated dictionary words)
    • If using a “diceware” password, the password shall consist of a minimum of five randomly generated words.
  • A password that is at least 12 random characters long.
• Passwords shall not:
  • Consist of previously used passwords; or
  • Consist of passwords used for personal accounts.
• Passwords used to access PLS Information Systems shall not be transmitted in plain text (such as by email).
  • An exception can be made for passwords transmitted for one-time use, i.e. passwords used for an initial login that the recipient should then change after they are able to access the system.
• If an account or password is suspected to have been compromised, report the incident to System staff immediately by emailing support@pls-net.org.

Source: https://docs.owwl.org/pub/Trash/CommunitySystemPolicies/Systems%20Access%20and%20Confidentiality%20of%20Library%20Records%20Policy%202021.09.08.pdf_

Blocked Third Party Access to Zimbra

All third-party client access to our Zimbra mail system has been blocked. Right now this means clients that use IMAP and POP to retrieve mail will no longer work. We may need to go further in the coming days. Our servers have been under attack from a Botnet for several days now. That Botnet has been successful in compromising at least one account in our system. Blocking IMAP and POP reduces our exposure to these attacks. Both protocols are problematic, to say the least. As a reminder email can be accessed through https://mail.owwl.org from your desktop or mobile device.