Thursday, April 29, 2010

Easier password security

Dear Students,

I am frequently amazed at how trusting students are when it comes to computer security. I find computers unlocked, and running. Frequently. It would be trivial (to pick a completely random example) to quickly install a program from a USB stick that would allow access to the computer remotely. Or to downgrade the account so that the student couldn't play games, install programs, change their own security settings, and ensure that the computer only worked between the hours of 1PM to 2PM each day. That would be horribly, horribly inconvenient, but at least the damage is confined to you. The more likely possibility is that somebody would think it was hilarious, cyber-bulling consequences not withstanding, to email all of your friends and family some embarrassing comments, or even rummage around your hard drive looking for some embarrassing photos to attach and send off to your entire address book. Brentwood takes cyber-bullying extremely seriously - schools that don't aren't nice places. If the hacker is evil and clever, they'll just ensure they have access to your computer later, and access your accounts the next time you're traveling (and it would be trivial to determine where you are with access to your email, your Facebook account, etc). Then, when the time is exactly right, email your friends and family with a plea to send emergency money because you've been mugged and are stuck in a foreign country, or whatever other lie they think will convince your loved ones to give them cash. It's important to protect yourself - you wouldn't fail to lock your car, why fail to lock your computer?

So, to be clear:

LOCK YOUR COMPUTER WHEN ABSENT.

Secondly, don't tell anyone your password. If you wish your friends to have access to your computer, give them their own (limited) account, with their own password. Yes, giving out your password is a remarkable display of trust - so's giving out your house keys, car keys, and diary. Friends can become ex-friends extremely quickly - and do you really want your ex-friend in charge of your status updates and photos online?

I work in a large high school and in the past few weeks the same student walks in and mentions his work gets deleted from his area and he has to get his password changed as it no longer works.
Every week the techs restore the work and change the password to something random and complex.

On the fourth time I manage to meet this unlucky chap and ask "when we restore your files and change your password, what do you do?"

Student - "oh I change it back to the original one of my name and date of birth so I can remember it and then tell my best friend as we all use mine because they dont remember theirs


There are, of course, two mistakes in the example - telling other people the password, and making the password ridiculously easy to guess. Using normal words for passwords is also a problematic - remember that unlike T.V. people don't guess passwords individually, they set up a computer to guess thousands of times per second using dictionaries and other common passwords. Other problems include using the same password for all sites, as well as writing passwords on a piece of paper...and then sticking it on your monitor. (Or putting it in a desk drawer - oh, clever. It will take a whole extra second to find...) The difficulty with one password for all sites is the if one becomes compromised, they all do. It may not matter of someone hacks into your account for leaving comments on a blog, but if they can use that to get into your bank account, Facebook friends, or online email it's quite another.


It often seems, however, that it's a catch-22. If I don't write a password down, I need it to be something I can remember, which means someone might be able to crack it. If I do make it complicated enough (i.e. minimum 8 characters of a mixture of letters, numbers, and/or symbols), then I need to write it down somewhere so that I can refer to it often - which opens up the possibility that someone would find my note.

The neatest solution I've seen to this problem in awhile is http://passwordcard.org/ . The website will generate a unique set of random numbers and digits that look like so:



And I know you're saying "Thanks Mr. Neufeld, just what I needed - another set of incomprehensible letters and numbers". Actually, you're probably not saying that, but it's my imagination and I'll do what I want with it.

The usefulness of the card is that the card itself allows one to meet the duel purpose of having passwords that are hard to crack by people 'out there', and have something that can be taped to your monitor, put in your wallet, etc, to refer to. As an example how it works, let's say you are going to use an 8-digit combination for your online bank password. Rather than memorizing a complex string, I remember "green happy face". Going down from the happy face symbol at the top, and the green line, my new password is "RVffH3y8" which is more than sufficient to meet security requirements, and difficult to hack.


Even better, I can print out this card, have it laminated, and put it in my wallet in case I forget the password. I can tape it to my computer, keep copies in my desk, etc. It doesn't matter if someone sees the card - there are literally thousands of combinations that are possible, running the combinations forwards, backwards,


up, down or any other easy-to-remember pattern:


I can use it and not even worry if someone is reading it over my shoulder, I lose my wallet, etc. I have the convenience of keeping my password written down when I need it, but without the added worry that it could be found and used by someone else. The website also gives the option to include a few rows of only numbers (for things like PINs) and can include symbols (just to take security up that extra notch).

As well, don't have the same security password for different purposes - the password I use for my blogs should be different from the password I use for my bank. The security of some websites varies in quality. I've even had one website directly email me my password when I successfully convinced them that I didn't remember it - if something is sent in a plain email then that password has been compromised, and was never secure to begin with. Websites with proper security and encryption would either reset your password and email you a random temporary one, or a link to reset your own password. If you can read it in your email, then you can assume anybody else between you and the servers could have read it too.

So I use the card to generate multiple passwords:


In this particular example I just remember "Green Happy face down" for RKbUzQL6, and "Red Umbrella Up" for FbtECqL9. Both are difficult to hack, but I can carry both with me at all times.

If this appeals to you, I'd recommend generating a unique version at http://passwordcard.org/ and then copying that picture and printing off several colour copies. Laminate one for your wallet, put another in your safe or file cabinet as a back up.

Passwords are your first, second, and last line of defense for your personal identity - if you spend a little time creating a secure system, you will have much less to worry about later on.

Regards,

Ron Neufeld
Canada's Best Boarding School

Saturday, April 17, 2010

Better Google search, Socials resources, Twitter

Dear Students,

Given the short supply of that most precious of all resources (time), I will start with a summary of links to tools and discussion items for those that would like to explore without reading through the explanations and context that I've embedded them with. Besides, if it's not relevant in the first few sentences Andrew told me he deletes the email.
  1. Searching within a domain such as education (.edu) or government (.gov) - using the "site:" search function.
  2. Using Google for definitions.
  3. Google Scholar
  4. There is no 4.
  5. Google Earth
  6. World War Battle sites for Google Earth
  7. CBC Archives
  8. Searching Canadian government sites with site:gc.ca
  9.  Demonstrating scale.
  10. Teaching About Web Includes Troublesome Parts
  11.  Oh my! Twitter makes history for Google search
  12.  Library of Congress archiving Twitter
  13. Google making Twitter searchable
I was recently reminded of the importance of proper searching in Google. As I move through the day with my CDS (Caffeine Delivery System), occasionally someone will make the mistake of trying to claim that aspartame is dangerous, on the basis of some questionable website that informed them that aspartame is a 'chemical' and there exists a vast conspiracy to hide its toxic effects.

The problem is that when people (and of course I) search with something like Google, the most common way to use it is with simple search terms, i.e. "aspartame toxicity". The first page to pop up after such a simple search is one selling a book, and is a well-known contributor to conspiracy theories about aspartame toxicity. When distinguishing between fact and fiction, the most popular sites given by a simple search are often the least reliable.

Alan November mentioned using the "site:" command on Google to help eliminate unreliable search results. For example typing "site:.gov OR site:.edu aspartame" selects only websites that contain the word "aspartame" from either U.S. government sites (such as the U.S. National Institutes of Health) and educational sites from universities and schools (also in the U.S. - Canadian universities don't have a similar URL that can be used as a search criteria). The results give a completely different picture of aspartame. One the first page there is a link to the chemical formula and its history, several sites mentioning, and then debunking, the aspartame conspiracy/toxicity myth. Since using this method removes the .com's, the .net's and the .org's - all of which can be bought by anybody, for any reason. Lots of good sites are removed as well, but using this as a 'first search' helps pinpoint the reliable information first, before going to a more general search. Such search techniques save valuable time, as less time is spend sorting through credible and non-credible information. This search example uses the "OR" command, which means it retrieves resources from either government or education sites - for a narrower search (such as only searching educational site) the "OR" command and the other search criteria can be omitted.

Google has a lot of useful methods to distinguish and refine the information you're looking for. In Biology 12 class some students forgot their textbooks and needed definitions while working on a worksheet. Rather than retrieving their textbook, they used the "define:" command in Google. Typing "define: androgens" returns a list of possible definitions from multiple sources - a quick read reveals to the student that this is a general term referring to male steroid sex hormones. I think I prefer this method over the "The Textbook" gives multiple definitions, different nuances, and highlights that it's the concept, and not the exact sequence of words, that's important.

In the same class a comment arose about sugar intake in children and its positive correlation to hyperactivity - a belief long held by teachers and tired parents everywhere. Rather than using the previously mentioned "site:" command, we checked directly using "Google Scholar". Typing "sugar behavior children" into Google Scholar immediately returns relevant results, with the most recent studies first. The first link is a meta-study debunking the sugar-hyperactivity myth. Of course not everyone is trained to know the difference between good studies and bad studies, double-blind and proper controls, but at least with this search you're in the right ballpark for seeking truth, even if it ends up in left field somewhere. Compared with a general Google search for "sugar behavior children", which does have both good and bad results on the first page, but the very first result is an author selling a book and a disease model of 'sugar sensitivity' to worried parents. Google Scholar is an excellent resource for research project, again saving time that would be otherwise spent trying to determine if a website is a reliable source of information or not.

If you're doing a project or presentation that involves a particular location, say for Social Studies or history, Google Earth has some nice tricks. Google Earth has the capability to put an overlay of a battle, building, or historical map. Being able to zoom in to a current location, and then overlay older images to give context to historical events would make any presentation much more relevant. You can download and install Google Earth here : http://earth.google.com/intl/en/download-earth-advanced.html , and you can download world war battle sites here : http://www.gearthhacks.com/userfiles.php?user=1698 .

Another resource to impress your Socials teacher - the CBC archives : http://archives.cbc.ca/ . Keeping with the world war theme, I listened to a radio broadcast from April 7, 1945, a Canadian reporter gives an account of the atrocities from a camp Canadian troops captured the day before.

Pausing before a brick wall splattered with blood and brains, the CBC's Matthew Halton tells Canadians back home about the atrocities committed by the Nazis. A day after Canadian troops capture a Nazi camp near Zutphen, Netherlands, Halton visits the site. He describes a trail of "slime and abominable crime," reporting that the worst thing you've ever read in any account of Nazi atrocities was there: "I saw and I was sick."


Serendipitously four other possible Social Studies sites were tweeted in the past week. The history site for Veterans Affairs Canada (http://www.vac-acc.gc.ca/remembers/sub.cfm?source=history), the history of federal ridings (http://www2.parl.gc.ca/Sites/LOP/HFER/HFER.asp) the Canadian Military History gateway (http://www.cmhg-phmc.gc.ca/html/index-eng.asp) and the Aboriginal Canada Portal (http://www.aboriginalcanada.gc.ca/acp/site.nsf/eng/ao04588.html). All are great resources, but similarly to the first topic I notice that the Canadian government seems to have settled on a site URL: ".gc.ca".
This brings up the possibility of directing students to include searches that specifically search the Canadian government's website for information using the "site:gc.ca" command on Google.

For example, what reliable information does our government provide on the Vietnam war? Google search site:.gc.ca vietnam war . I've found both the Canadian and American government site searches (.gc.ca & .gov respectively) give a lot of excellent scholarly and reliable information. Stuck looking for a Canadian perspective that you can't find on the web? I'd try this first.

I couldn't leave without at least one technology tool devoted to science: http://learn.genetics.utah.edu/content/begin/cells/scale/. This is a wonderful flash demonstration showing relative sizes from a coffee bean to a carbon atom - scale is hard to grasp and this little tool does a great job of getting it across. Thanks to Andrew in Bio12 for bringing it to my attention.

For discussion there is a NYT article titled "Teaching About Web Includes Troublesome Parts" suggests rather than shielding students from the Internet teachers should be educating.  As well a blog article "Oh my! Twitter makes history for Google search" commenting on the fact that the Library of Congress is going to archive every public Twitter comment made, right back to its inception in 2006, and Google is also going to make all comments searchable. As an archive for history and posterity, there is a wealth of data.

I remember when it was announced that ice was found on Mars. How was this news first announced? TV, Newspaper, or blog? None of the above - it was tweeted from the Twitter account of the Mars Phoenix Lander directly (sadly, the little guy seems to have died). From breaking news to marriage proposals, our collective Tweets are being saved for posterity. It's likely that when your kids are in school they will study 'famous tweets' in much the same way we study 'famous speeches' today.

Regards,

Ron Neufeld

Canada's Best Boarding School

Thursday, April 8, 2010

Tool for video projects, Margaret Atwood, homework help, and some crazy.

Dear Students,

First a new tool for student video projects, Margaret Atwood, some helpful science / math video prep links, and some crazy.
The neat new tool is JayCut, a free online video editor that offers the ability to export the videos to YouTube or download directly in different formats. Something like JayCut gives everyone, from teacher to student, a common platform to work and edit their projects. Working on a group video project where members have a mixture of Macs and PC's? Share an account to collaborate during prep or otherwise separated by time and space. Oh, and speaking of Macs, here's a completely unrelated vid on how to make an iPad float.

I noticed that Margaret Atwood has become Twitterfied. There's a recent article "How I learned to love Twitter" which helps explain how being part of Twitter is about being part of and developing a community. I remember reading Margaret Atwood when I was in school. At the time I thought she was one of those dead Canadian authors. Apparently I was wrong. The ability to observe (and possibly interact with) the authors of books under discussion seems an intriguing development.

For those in Math or Science I would recommend checking out Khan Academy; a comprehensive set of YouTube videos on Math, Chemistry, Physics, Biology, arranged by topic. If you need a quick tutorial, they seem quite good. The final link is to the blog "Bad Astronomy", the author has been updating his site with some pictures from the HiRISE camera and has caught some martian avalanches (click to get a massively enlarged picture).

Lastly, some newsyish items that are related to education and to technology. (By technology, I mean I read about it online and it caught my outrage long enough to pay attention. That's a significant selection bias.)

A student in Mississippi (Constance McMillen of Itawamba Agricultural High School) wished to take her date to the prom, but there was a little snag. Her date was of the same gender, which was against school policy. This request was denied, and Constance was also told that if they arrived separately but danced together they'd be thrown out. Oh, and girls aren't allowed to wear a tuxedo either. You can check out the story here, and a Facebook fan page here. But wait! It doesn't end there. Apparently, feeling pressure afterwards, the school did decide to hold the prom. Except that it is looking like it was a decoy prom, that only Constance and a few other (presumably also less popular) students were invited to, while the 'real prom' was held somewhere else. It's not confirmed that the school officials were involved in the deception...but knowing what's involved in planning any event with students it would be difficult to defend the position that they did not. And the historical parallels alone...

Secondly item - I made the mistake of going to the Fox News 'health' section (in my defense I found that the health section of USA Today was blocked by our proxy, and I wanted to check if it was all news sites, or just some), and I found this: Sex Education Could Mean Charges for Teachers. The logic is thus: teaching about contraception encourages sex, minors are not allowed to have sex, therefore teachers who teach about contraception are guilty of sexual assault. This is the opinion of a district attorney (in the U.S.). Despite the fact we're studying the reproductive system in Bio12, class will not be canceled. Sorry.

Regards,

Ron Neufeld
Canada's Best Boarding School

Monday, April 5, 2010

eLearning tools and news for April 5, 2010

Dear Students,

You've probably already heard about the school that's facing some criticism for 'the ultimate spyware' (spying on its students while said students were in the privacy of their own home). If you hadn't, apparently the school had the ability to remotely turn the webcam on and off  - http://education.change.org/blog/view/school_uses_laptops_to_peer_into_students_bedrooms. (Here we just walk to your room and ask you what you're doing .)

A new "Did You Know 4.0" for Sept 2009 (numbers and references are to the U.S.) - http://www.youtube.com/watch?v=6ILQrUrEWe8, as well there is "An Open Letter to Educators" from YouTube - A rant about institutionalized education that's been pinging around the blogosphere - http://www.youtube.com/watch?v=-P2PGGeTOA4 . Interesting for a discussion on what you need to get out of a class.

For those of you with an iPhone or iPod Touch - Top educational apps for iPhone / iPod Touch  - http://www.speedofcreativity.org/2010/03/01/top-10-education-apps-for-ipod-touch-and-iphone/ .

An article on why teachers should blog - http://teachpaperless.blogspot.com/2009/09/why-teachers-should-blog.html. I would add that it indirectly presents an excellent case of why students should blog as well, and the last article is "Is Internet access a civil right" - http://teachpaperless.blogspot.com/2010/02/yes-internet-access-is-civil-right.html.

For a 'last resource', a video from TED. If you have not, investigated TED, you should. TED is a small nonprofit devoted to "Ideas Worth Spreading", and invites interesting speakers to conferences and makes these speeches available online. The topics and ideas may be controversial, but always thought provoking and interesting. My latest favorite directly addresses the interplay of science and ethics and defends the idea of objective moral standards - http://www.ted.com/talks/sam_harris_science_can_show_what_s_right.html - worth the 23min (although disclosure of all bias, I teach Science & Ethics and find it fascinating in and of itself). I will arbitrarily assign this to my Science & Ethics 11 class for later discussion. If your classes include any kind of discussion component, check out TED if you haven't already.

Cheers,

Mr. "if you can't do it on a computer, it's not worth doing" Neufeld
Canada's Best Boarding School