Linux in action: A public library's success story

NewsForge.com ^ | May 05, 2004 | Joe Barr

[E. Pluribus Unum]

Over the past year, the Howard County (Md.) Public Library has migrated more than 200 public PCs from Windows 98 and Windows NT to Linux. These PCs are used both to surf the Internet and to access the library's catalogues. NewsForge recently spoke with Brian Auger, associate director of the library, and the IT team responsible for the migration. We wanted to learn more about why and how it was accomplished, and how pleased they are with the results.

The library is located less than 10 miles from NSA headquarters, between Baltimore, Maryland, and Washington, D.C. It operates five branch locations in addition to the central location. A library employee was recently recognized for her contributions to education, and the library itself received the Accessibility Award for Programs by the Commission on Disability Issues. All six library locations offer free Wi-fi access. The library also offers patrons the use of "kiosk-style" PCs to explore the Internet and search the catalogues.

Why migrate?

Like many others, HCPL was caught between a rock and a hard place. Its 200 public-access PCs were running on Windows 98 and Windows NT. The maintenance costs to patch and maintain them were growing with every new virus or security hole discovered. Windows XP offered an automated solution, but it required not only a cash investment for the software, but also for upgraded PCs. It wouldn't run well on many of the older PCs being used.

The turning point came when Dynix, a major vendor of library software, began to offer a new version of PAC, which enables public access to library catalogues. PAC can be used on any platform with a Web browser. Auger saw it as an opportunity to escape the Windows cash crunch.

IT Manager David Añasco pointed out that Linux was being used at the library even before the migration began. He told us: "We use Linux on old boxes as routers, as firewalls, we have tried to use linux wherever it makes sense. Our e-mail server is Linux, and we are in the midst of migrating all of our Windows NT domain controllers to Linux."

So it was only natural that, given the freedom provided by Dynix's platform-neutral offering, the use of Linux for the public access machines be evaluated as well. That's where Luis Salazar and Mike Ricksecker come into the picture.

Mike told us: "Luis came to me with the Linux From Scratch project, and it was kind of like, 'Hey check out this site,' I had known by that point that the library was looking at different Linux solutions ... so (we) started dabbling in it and got a working model."

As Auger recently wrote in an article for Library Journal: "Our two Linux luminaries, Michael Ricksecker (network specialist) and Luis Salazar (network engineer), created a kernel and resulting user desktop that closely mimic not only the look and feel of a Windows desktop and browser but lack the unnecessary bells and whistles that come with a standard Windows installation."

Using LFS as a starting point, Luis and Mike were able to build a minimal Linux kernel that included only the functionality required by the "kiosk style" machines. They added the Gnome desktop environment, the Mozilla browser, and OpenOffice.org to complete the picture. They call the new distribution "Lumix." It's a combination of their first names, Luis and Mike. By the way, it's pronounced loo-mix, not lummox, which is something else entirely.

When asked what the biggest hurdle was in creating the Linux public terminal, Luis and Mike both agreed that it was in locking everything down: setting permissions and removing functionality that patrons would not need. By August, they had a working model, and the project got an official blessing to proceed.

The results

Everyone appears to be happy with the results: patrons, IT staff, and management. The patrons get a machine they can surf almost anywhere with. The only sites they can't reach are those that require Internet Explorer. And while they can't play Shockwave games, Flash- and Java-enabled Web sites display just fine. PDFs can be viewed, and OpenOffice.org allows MS Word, Excel, and PowerPoint documents to be displayed as well.

The migration seems to have been almost transparent to most of the library's regular PC users. One patron asked Dave as he was walking by one day if he had anything to do with the computers. Dave said yes, and the user thanked him for stopping the pop-up ads.

The IT staff itself is thrilled with the ease of administration. Each PC runs a script twice a day to check for any configuration changes or patches, so they no longer have to visit each machine individually in order to roll out new functionality or upgrades. And each time a new Windows epidemic makes headlines, their smiles get even bigger.

Añasco told NewsForge: "From my standpoint, being department manager, we are saving money because we are not having to maintain something and so again -- I am a certified Microsoft CE -- I have nothing against it, but I just can't stand using it anymore because it is so unstable. "

Library management is happy because of the money it is saving. Those savings come from reduced administration costs and from hardware savings. The software savings are negligible because, as Auger points out, it's almost impossible to buy a new PC without getting Windows on it.

The hardware savings are the result of not having to buy new PCs capable of running Windows XP to replace older boxes which lack sufficient memory and power. That means the 15 new PCs purchased since the rollout are additions to the library's offerings, not replacements. And with no increase in budget required, they plan to add another 20 new PCs before the end of the fiscal year.

The future

HCPL also provides a small number of word processing machines at each location to their patrons; some branches have only two, others have four. The machines feature MS Office running on Windows NT. Because word processing is such a popular service, the library plans on rolling out a new release with a full version of OpenOffice.org (the current offering is only good for viewing documents) in the near future.

Auger asked that we point out that the library will be glad to help others do the same thing. Lumix is open source, and if you're interested in getting a CD containing Lumix, just send them a request for it by e-mail. What they can't do, he said, is visit your site and install or debug it for you.

Luis and Mike, however, are offering additional assistance for those who require it. They can be reached at the LumixTech Web site.

[rdb3]

The Penguin Ping.

Wanna be Penguified? Just holla!

Got root?

[Salo]

Good read. And SCO is laying off engineers. Life is good.

[Mr. K]

Now if we only all had a Luis and Mike (who pays their salary?) to install this on all our PC's. 200 PC's "over the last year" and "by august [they were finished]"

Does no one see the dollar figure for their time?

[beaversmom]

Thanks for the ping--forwarded to Linux nut husband.

[Salo]

Which would be paid no matter what OS they were using - someone has to apply all of those patches. ;-)

Does no one see the dollar figure for their time?

[E. Pluribus Unum]

Does no one see the dollar figure for their time?

Uhhh...

Do you not see the dollar figure for their time installing Windows 98 patches AS MENTIONED IN THE ARTICLE.

Do you not see the dollar figure for their time installing Windows XP AS MENTIONED IN THE ARTICLE?

Or is time spent maintaining Windows installations free?

[antiRepublicrat]

Does no one see the dollar figure for their time?

Luis and Mike were already on the staff. They invested their time up front so that the library system could save money in the short-term by not having to get XP licenses and buy mostly new computers, and in the long-term by decreased maintenance costs, decreased succeptibility to viruses and never again paying licensing fees.

Sounds like a good deal in the end. Your taxpayer dollars at work, and finally in a smart way that stretches them further.

[stainlessbanner]

Good article. Lots of cost savings - hw, sw, labor, efficiency, security.

[Future Useless Eater]

>>...so that the library system could save money in the short-term by not having to get XP licenses and buy mostly new computers

Good point. There are hundreds of thousands, maybe millions, of 3 to 5 year old computers stacked up like cordwood in the world, virtually useless for windows, but load them with Linux and they become powerful computers again!

[justlurking]

Luis and Mike were already on the staff. They invested their time up front so that the library system could save money in the short-term by not having to get XP licenses and buy mostly new computers, and in the long-term by decreased maintenance costs, decreased succeptibility to viruses and never again paying licensing fees.

And on top of that, they are offering their version of Linux (+ Gnome, Mozilla, and OpenOffice) to anyone that requests a copy of the CD.

At the moment, the ISO isn't available for immediately download. But, I expect it's only a matter of time before you can do so, at least via BitTorrent.

[Codeflier]

I know of this project and I know Brian Auger pretty well. The only thing I would like to add is that the day will be coming when there will be more targeted attacks to Linux products once a large percentage of desktops are running it.

I always caution my fellow Linux users to quit overplaying this idea that Linux is exempt from viruses and other security threats. Everytime people boast about this they are only motivating others to develop attacks in the future.

[CyberCowboy777]

Perfect solution for the situation.

The key is to keep your mind open to the best solution for a particular situation. Lemming behavior towards any platform is stupid.

[Nick Danger]

This did not happen.
This cannot happen.
Linux is not ready for prime time.
Linux has a command-line interface.
Linux is a national security risk.
Big sister tried it and it blew up her dog.
You will buy and install Microsoft Windows®
That is all.

[Knitebane]

I always caution my fellow Linux users to quit overplaying this idea that Linux is exempt from viruses and other security threats.

This is one of those straw-man arguments that keep popping up. And I feel the need to keep playing Whack-A-Mole.

No one has said that Linux is immune to security threats. Linux and other Unix-type operating systems have an entirely different architecture than Microsoft operating systems, even the new ones. And the developers of Linux and other Unix-type operating systems have different programming standards, and different distribution methodology and a host of other differences that set them apart from the Redmond software library.

These differences together make for a much more hostile environment for malicious code than the Windows code. And Unix-type operating systems are designed to respond better to failure modes.

Unix-type operating systems tend to run system-level processes not with just one super-user account, but with a separate account for each system process. One process cannot directly access another. Only the super-user has access to everything, and many modern Linux distros yell at you if you try to run as root.

So, even if there are the same number of attacks there will be less actual damage due to the way that Unix-type systems are different.

There have been Linux worms. In fact, there has been one fairly recently. And it did very, very little. It affected a fraction of 1% of installed Linux systems.

How does a current Windows worm, say Nimbda or Sasser, compare?

With Unix-type operating systems, having multiple users on a single machine was an essential design element, and the security required for such processes were built in from the beginning.

With Windows, multi-user was an add-on to Windows2000 Advanced Server.

Microsoft has still not learned that security is not a bag you hang on the side. It has to be built-in from the beginning.

[justlurking]

Microsoft has still not learned that security is not a bag you hang on the side. It has to be built-in from the beginning.

I think that some of the applications are complicit in this particular aspect. I know one in particular that is a very popular among small businesses (*cough* Quickbooks *cough*) which requires the user to run with administrative privileges.

The best I can determine, it's because the application writes files in the installation directory (i.e. C:/Program Files/etc.) during day-to-day usage. A smart user can change the access permissions for those folders to circumvent the problem, but that's not what the installation process (or perhaps it was the first time it runs) suggests.

I ran into this same kind of problem with my own company's software, when trying to install and run it at a client that had locked down the desktops so that the user was prohibited from writing anywhere except his/her folder(s) in "Documents and Settings". This is a common policy, especially among financial firms, and I escalated the problem to critical as fast as I could.