Seattle library network outage nears a month

The British Library - the UK's National Library - was devastated in October 2023 by a ransomware attack [0] which had a massive knock-on effect on academic institutions, students and also 20,000 authors who derive income from Public Lending Rights.

One of the reasons that services still haven't been restored is that the Library relied heavily on ancient bespoke software running on old versions of OS. New IT is being installed that is more proof against modern cyber attacks, but the older library software simply doesn't run in modern environments. So they can't simply restore from backup, they have to port / reimplement some of their operational software.

[0] https://en.wikipedia.org/wiki/British_Library_cyberattack

̶C̶o̶m̶p̶u̶t̶e̶r̶s̶ ̶d̶o̶n̶'̶t̶ ̶n̶e̶e̶d̶ ̶n̶e̶t̶w̶o̶r̶k̶s̶ ̶t̶o̶ ̶f̶u̶n̶c̶t̶i̶o̶n̶.̶ ̶I̶t̶ ̶i̶s̶ ̶p̶e̶r̶h̶a̶p̶s̶ ̶a̶n̶ ̶i̶n̶d̶i̶c̶a̶t̶i̶o̶n̶ ̶o̶f̶ ̶h̶o̶w̶ ̶t̶h̶e̶ ̶c̶o̶p̶y̶r̶i̶g̶h̶t̶ ̶i̶n̶d̶u̶s̶t̶r̶y̶ ̶i̶m̶p̶l̶e̶m̶e̶n̶t̶e̶d̶ ̶c̶o̶p̶y̶r̶i̶g̶h̶t̶ ̶e̶n̶f̶o̶r̶c̶e̶m̶e̶n̶t̶ ̶i̶n̶ ̶t̶h̶e̶ ̶d̶i̶g̶i̶t̶a̶l̶ ̶w̶o̶r̶l̶d̶ ̶t̶h̶a̶t̶ ̶l̶i̶b̶r̶a̶r̶y̶ ̶n̶e̶e̶d̶e̶d̶ ̶t̶o̶ ̶b̶e̶ ̶c̶o̶n̶n̶e̶c̶t̶e̶d̶ ̶t̶o̶ ̶t̶h̶e̶ ̶n̶e̶t̶w̶o̶r̶k̶ ̶t̶o̶ ̶l̶e̶n̶d̶ ̶d̶i̶g̶i̶t̶a̶l̶ ̶c̶o̶p̶i̶e̶s̶ ̶o̶f̶ ̶b̶o̶o̶k̶s̶.̶ ̶ ̶T̶h̶a̶t̶ ̶s̶a̶i̶d̶,̶ ̶I̶ ̶s̶t̶i̶l̶l̶ ̶t̶h̶i̶n̶k̶ ̶(̶i̶f̶ ̶t̶h̶e̶y̶ ̶a̶r̶e̶n̶'̶t̶ ̶a̶l̶r̶e̶a̶d̶y̶ ̶d̶o̶i̶n̶g̶ ̶i̶t̶)̶ ̶t̶h̶e̶y̶ ̶s̶h̶o̶u̶l̶d̶ ̶h̶a̶v̶e̶ ̶k̶e̶p̶t̶ ̶a̶ ̶l̶o̶c̶a̶l̶ ̶c̶o̶p̶y̶ ̶o̶f̶ ̶f̶o̶r̶ ̶e̶x̶a̶m̶p̶l̶e̶ ̶P̶r̶o̶j̶e̶c̶t̶ ̶G̶u̶t̶e̶n̶b̶e̶r̶g̶ ̶a̶n̶d̶ ̶o̶t̶h̶e̶r̶ ̶s̶u̶c̶h̶ ̶a̶r̶c̶h̶i̶v̶e̶s̶ ̶o̶f̶ ̶o̶u̶t̶ ̶o̶f̶ ̶c̶o̶p̶y̶r̶i̶g̶h̶t̶ ̶c̶o̶n̶t̶e̶n̶t̶.̶ ̶ ̶E̶d̶i̶t̶:̶ ̶s̶o̶ ̶I̶ ̶r̶e̶a̶d̶ ̶t̶h̶e̶ ̶a̶r̶t̶i̶c̶l̶e̶ ̶a̶n̶d̶ ̶t̶h̶e̶ ̶p̶r̶o̶b̶l̶e̶m̶ ̶s̶e̶e̶m̶s̶ ̶t̶o̶ ̶b̶e̶ ̶m̶o̶r̶e̶ ̶a̶f̶f̶e̶c̶t̶i̶n̶g̶ ̶t̶h̶e̶i̶r̶ ̶a̶c̶c̶o̶u̶n̶t̶i̶n̶g̶ ̶a̶n̶d̶ ̶l̶o̶g̶g̶i̶n̶g̶ ̶o̶f̶ ̶b̶o̶o̶k̶s̶ ̶l̶e̶n̶t̶ ̶e̶t̶c̶.̶ ̶T̶h̶e̶r̶e̶ ̶i̶s̶ ̶n̶o̶t̶h̶i̶n̶g̶ ̶s̶a̶i̶d̶ ̶a̶b̶o̶u̶t̶ ̶a̶n̶y̶ ̶d̶i̶g̶i̶t̶a̶l̶ ̶l̶i̶b̶r̶a̶r̶y̶ ̶b̶e̶i̶n̶g̶ ̶d̶o̶w̶n̶ ̶e̶x̶p̶l̶i̶c̶i̶t̶l̶y̶ ̶b̶u̶t̶ ̶i̶'̶d̶ ̶s̶a̶y̶ ̶i̶t̶ ̶s̶t̶i̶l̶l̶ ̶a̶p̶p̶l̶i̶e̶s̶,̶ ̶t̶h̶a̶t̶ ̶k̶e̶e̶p̶i̶n̶g̶ ̶l̶o̶c̶a̶l̶ ̶c̶o̶p̶i̶e̶s̶ ̶o̶f̶ ̶s̶t̶u̶f̶f̶ ̶i̶s̶ ̶u̶s̶e̶f̶u̶l̶.̶

So my comment is not relevant, and should be ignored. Managing the metadata of this scale is certainly no easy task without computer systems.

This happened in Toronto last year and knocked out the system entirely for four months. It seems that libraries are a big target for these actors. I wonder who they are, and what their agenda is?

More than just books, this is internet for people without home internet:

> “A lot of people come here for internet access, so it’s been quite a blow to the community,” a librarian at the Greenwood library said.

> Some individual library branches have put together lists of nearby places that could offer similar services. But they’re not great.

> The downtown library recommends a FedEx, a quarter mile away, but internet access costs 39 cents a minute. There is a public law library in the King County Courthouse, but computers there are intended for legal matters only. The nearest branches of the King County Library System are all about 40 minutes, by bus, from downtown.

What an enormously awful impact this weasel hacker / group has imposed upon innocent people. It's not bloviating to say this is what evil looks like: is causing suffering and further dividing a group of people from those that do have home PC/internet, for no good reason.

Whenever I hear about ransomware attacks, I wonder how anyone could pay for IT services to set up a system where:

1) there are no meaningful, clean backups and 2) regular users can overwrite many / most files 3) and/or administrators use machines that are easily compromisible 4) and/or the system is built on insecure technology

The fact that 1) could negate 2), 3) and 4) means people are doing IT and are taking good money from corporations or taxpayers when they absolutely should not.

So when there are things like this in the news where large numbers of users are affected, I can't help but wonder why we don't see IT companies getting strung up (figuratively, of course) and publicly embarrassed for each and every one of these incidences.

re-lend from home ?

"Book checkouts are being done by spreadsheet. Column A: the library user’s account number. Column B: the book’s bar code number. The low-tech inventory will be integrated with the library’s normal account system at some future, unknown date."

- this is how we did it not too long ago; and before that, we had a signout card, held by library until return.

before that was a handwritten ledger.

I would bet good money they some “whiz technology person” is now rabidly trying to figure out how to turn the card catalog into an “offline saas digital lending service” and pitch venture for a $2M pre-seed to pitch libraries on it