How to Create Digital Publicity – A Guide for New Authors

In the good old days, everyone knew how to carry out publicity. A few months before publication, you met with your publicist. You discussed various possible publicity angles (about the book, about your own story, and so on). Your publicist tried to arrange a serialisation deal (where newspapers print extracts before publication). You whacked out review copies to all the major newspapers. Perhaps you hassled around to get a little PR on local or national radio. Maybe even TV.

And that was that. Job done. Sometimes it worked, sometimes it didn’t, but you’d done what you could.

These days, it’s more complex. Newspapers have far less space given over to books and many more readers don’t consume traditional media anyway. Naturally, those all-important eyeballs have migrated to the internet and any genuinely competent PR campaign today has got to find ways to reach surfers.

Self-published authors are well aware of these facts and have long been reasonably deft about attending to their digital platform. Writers aiming at traditional commercial publication, however, have tended to think that all they need to do is address their writing. Publishers will do the rest.

That attitude is profoundly wrong. I know of only one publisher in the UK that makes a realistic attempt to help their lower budget authors with digital publicity. The others think they help but really don’t. So, almost certainly, even with a literary agent and a publisher on your side, you’re on your own.

Clearly digital publicity is potentially an endless brief. You’ll need a website, yes. A blog, for sure. A presence on Facebook, ideally. A twitter feed – you know you ought to. And what about forums? And Goodreads? And Lovereading? Potentially the journey is infinite.

I’ll outline a more detailed set of guidelines in a future post, but for now, the things you need to know are:

One, you and you alone are responsible for building a digital footprint. You may get help from elsewhere, but don’t count on it.

Second, you need to start very early indeed. Digital publicity can be powerful but it takes time to build. A year is a short lead time, so if possible get started now.

Third, you need to understand your own brand. That’s harder than it sounds. If you write non-fiction books about management skills, then clearly that’s your brand, it’s what you’re going to major on in your online work. On the other hand, if you write contemporary fiction, it’s much harder to identify and reach the audience that matters most to you. Nevertheless, you have to try.

Fourth, you need to think from the outset about search engines and how to use them. If you write books about the history of the Papacy, then clearly “Papacy” is going to be a key search term for you. But there are 3,000,000 pages on Amazon that reference the term and the top entries on Google are dominated by big outfits like Wikipedia. Can you realistically compete with those guys? Maybe, maybe not. But it’s a process that requires careful aforethought because the very design of your website and blog will be affected by these decisions.

And fifth, you need to figure out who you are. If you find you naturally love Twitter, then pursue a Twitter-led strategy. If, like me, you really don’t like Twitter but are comfortable blogging, then pursue that. But either way, you do need to persist. Occasional bouts of intensive activity are pretty much useless. This is a stone you have to keep rolling.

It’s sad that authors have to think about these things. It’s more work than in the past, and you get less money not more. But I don’t make the rules – and if you want to succeed as an author, then digital publicity is a fabulous route to success. Some self-pub authors have sold a million books through online means. That’s the kind of track record that would have your literary agent speechless with admiration. So it can be done. You need to do it. Go for it – and good luck.

Is There a Future for Public Libraries? How Will They Evolve As E-Books Eclipse the Paper Book?

In the battle between traditional books and E-books, many would say traditional books are on the path to retreat. While Kindles and Kobos provide a simple, compact, technological alternative to the burden and clutter of weighty paper tomes, it may be hard to argue in favour of the traditional book. E-books and E-readers make accessing literature as simple and convenient as the click of a mouse. Compare that to the tactile experience of traveling to a book store or library, searching bodily for a volume and physically carrying it to and fro.

But do the boons of the changing literary technology render the traditional book and it’s once ubiquitous community outlet – the library, obsolete?

To me, a frequent library patron and lover of books, it would be a crying shame to close the communities’ libraries. In the matter of the physical book versus the electronic version, it can be a matter of personal preference. Some prefer to collect and build up their bookshelves, some just like the feel of thumbing the pages, for others it goes further involving nostalgia and childhood memories. But is the practicality of housing, transporting and manufacturing the paper book becoming simply not worth it?

I could go on about the virtues of the paper book and how I believe enthusiasts like myself will ensure they never completely fade away. But the library issue is about more than paper vs click. Many would argue that as long as people are reading, what matters the format? E-books are cheaper, easier on the environment, available at a click. True, all true. But let’s get back to libraries.

If E-books, and the receding popularity of reading in its traditional sense are to blame for the closure of libraries then the libraries must evolve. And many are. Many libraries across the modern world are digitizing their collections. Unfortunately government cuts in funding to public libraries have been increasing steadily since the 1990s. Ironically, this makes it difficult for libraries to modernize, making themselves more accessible to today’s public.

Many of you might be thinking back on the last time you set foot in a public library. Was it that research paper in 4th year? Yes, library attendance is going down. But for a large segment of the population it provides a much needed haven. For years libraries have been providing a bridge over the digital divide, providing computer and internet access freely to the public. Providing a warm place to go, learn and feel connected is a vital service our community needs.

So all that to pose the question:

Do you see an evolution or an extinction of the world’s public libraries?

Digital Signatures and Suppress-Replay Attacks

Digital signatures are seen as the most important development in public-key cryptography. Sun Developer Network states, “A digital signature is a string of bits that is computed from some data (the data being “signed”) and the private key of an entity. The signature can be used to verify that the data came from the entity and was not modified in transit” (The Java Tutorial, n.d.). Digital signatures should have the properties of author verification, verification of the date and time of the signature, authenticate the contents at the time of the signature, as well as be verifiable by a third party in order to resolve disputes. Based on these properties, there are several requirements for a digital signature. The first of these requirements is that the signature must be a bit pattern that depends on the message being signed. The next requirement is declared in order to prevent forgery and denial. It states that the signature must use some information that is unique to the sender. The third requirement is that it must be fairly easy to generate the digital signature. Being relatively easy to recognize and verify the digital signature is another requirement. The fifth requirement states that it must be computationally infeasible to forge a digital signature, either by constructing a new message for an existing digital signature or by constructing a fraudulent digital signature for a given message. The last requirement is that it must be practical to store a copy of the digital signature. Many approaches for the implementation of digital signatures have been proposed, and they fall into the direct and arbitrated digital signature approaches (Stallings, 2003).

The direct digital signature involves only communication between the source and destination parties, and the arbitrated digital signature schemes include the use of an arbitrator. The direct digital signature is created by encrypting the entire message or a hash code of the message with the sender’s private key. Further confidentiality can be provided by encrypting the message in its entirety and adding signature using either the receiver’s public key or a secret key shared between the sender and receiver. One weakness in the direct signature scheme is that a sender can later deny having sent a message. Another weakness is the threat of a private key being stole and sending a message using the signature. Both weaknesses are the primary reason for the arbitrated digital signature scheme. In arbitrated scheme, a sender’s message must first go through an arbiter that runs a series of tests to check the origin and content before it is sent to the receiver. Because the arbiter plays such a crucial role, the sender and receiver must have a significant amount of trust in this arbitrator. This trust in the arbiter ensures the sender that no one can forge his signature and assures the receiver that the sender cannot disown his signature (Stallings, 2003).

The issue of replay attacks is a main concern when dealing with mutual authentication when both parties are confirming the other’s identity and exchanging session keys. The primary issues with mutual authentication lies in the key exchange: confidentiality and timelines. Timelines are susceptible to replay attacks that disrupt operations by presenting parties with messages that appear genuine but are not. One type of replay attack is suppress-reply attack that can occur in the Denning protocol. The Denning protocol uses a timestamps to increase security. The issue here revolves around the reliance on clocks that are synchronized throughout the network. It is stated, “…that the distributed clocks can become unsynchronized as a result of sabotage on or faults in the clocks or the synchronization mechanism” (Stallings, 2003 p. 387). Li Gong states, “…the recipient remains vulnerable to accepting the message as a current one, even after the sender has detected its clock error and resynchronized the clock, unless the postdated message has meanwhile been somehow invalidated,” which is unlikely. If the clock of the sender is ahead of the receivers and the message is intercepted, the opponent can replay the message when the timestamp becomes current. This type of attack is known as suppress-replay attack.

In order to address the concern of suppress-replay attack, an improved protocol was presented. Here are the detailed steps.

1. “A initiates the authentication exchange by generating a nonce, Na, and sending that plus its identifier to B in plaintext. This nonce will be returned to A in an encrypted message that includes the session key, assuring A of its timelines.

2. B alerts the KDC that a session key is needed. Its message to the KDC includes its identifier and a nonce, Nb. This nonce will be returned to B in an encrypted message that includes the session key, assuring B of its timeliness. B’s message to the KDC also includes a block encrypted with the secret key shared by B and the KDC. This block is used to instruct the KDC to issue credentials to A; the block specifies the intended recipient of the credentials, a suggested expiration time for the credentials, and the nonce received from A.

3. The KDC passes on to A B’s nonce and a block encrypted with the secret key by A for subsequent authentications, as will be seen. The KDC also sends A a block encrypted with the secret key shared by A and the KDC. This block verifies that B has received A’s initial message (IDB) and that this is a timely message and not a replay (Na), and it provides A with a session key (KS) and the time limit on its use (Tb).

4. A transmits the ticket to B, together with the B’s nonce, the latter encrypted with the session key. The ticket provides B with the secret key that is used to decrypt EKS[Nb] to recover the nonce. The fact that B’s nonce is encrypted with the session key authenticates that the message came from A and is not a replay” (Stallings, 2003 pgs. 387-388).

This protocol is not vulnerable to suppress-replay attacks due to the fact that the nonces the recipient will choose in the future are unpredictable to the sender (Gong, n.d.).

In conclusion, digital signatures are seen as the most important development in public-key cryptography and include direct and arbitrated digital signature approaches. The direct digital signature involves only communication between the source and destination parties, and the arbitrated digital signature schemes include the use of an arbitrator. Suppress-replay attacks can occur if the clock of the sender is ahead of the receivers and the message is intercepted. This allows the opponent to replay the message when the timestamp becomes current. This issue is overcome by the implementation of a protocol that uses timestamps that do not require synchronized clocks because the receiver B checks only self-generated timestamps (Stallings, 2003).

Works Cited
Gong, Li (n.d.). A Security Risk of Depending on Synchronized Clocks. ORA Corporation and Cornell University. Retrieved November 5, 2005, from

Stallings, William. (2003). Cryptography and Network Security: Principles and Practices. New Jersey: Pearson Education, Inc.

The Java Tutorial (n.d.). Sun Developer Network. Retrieved November 5, 2005, from