A New Beginning

I am in a new position. My experience as a technology coordinator in a 1:1 environment should come in handy as I have become the Director of Technology at the Cove School in Northbrook, IL. And while a 1:1 initiative is not a definite thing, the writing is certainly on the wall that this is the direction they want. The difference of Cove versus all other schools I have run across in the wish and wanting to go with a 1:1 is that Cove is a special education school that covers grades K-12. It also accepts outside placements from the surrounding areas where IEPs dictate what students are required to have and the plan of education we are to take. Many times students come from their home districts with their own laptops.

Even with all this in mind, in starting the process to see if this is even a viable option for this school, I have several posts I have pooled to get the discussions here started.

The first post is from David Jakes. It is not specific to 1:1 at all, but instead looking at the learning space and how it may need to change.

The next three posts come from TED. One of these posts is again not even specific to 1:1, but instead to the changes in the social media landscape. The 20 minute talk is by Clay Shirky. The other two posts (here and here) are very specific to 1:1 and are presented by Dr. Nicholas Negroponte of MIT who was also heading up the OLPC project. These two videos discuss the tech and changes the OLPC has made.

Finally, you have to think not only of the stuff, but also the staff and students. Will this be viable in this school? One of the things teachers will have to consider are the following.

Why is Gary Stager the Bad Guy?

In the past I noted the brash attempt by Intel to smash the XO in the third world market with the only intention of making money. While the XO is a laptop that is designed and has its philosophy based on education and learning, the Intel "competitor" is focused on more of the same broken philosophy that ed tech has had for some time. That broken philosophy of focusing on a familiar operating environment (Windows) and familiar tools (software) that do nothing but promote cutting, pasting, and no real Bloom-esqe higher order thinking skills out of the box.

So, what is Gary Stager saying in his blog post "The Best Way to Make Enemies .... Do the Impossible" that is so controversial? According to a follow-up blog post, Stager makes clear that this article was refused to be published in two separate "education" magazines. Look, I understand that ad revenue is a big way these education magazines survive, but there is a also a level of intellectual honesty that we all must maintain at the same time. For an "education" focused magazine not to publish an article critical of a product that under-serves students amounts to complete intellectual and academic bankruptcy. It is on a level where Gaileo was placed on house arrest by the Catholic Church for teaching the Sun, not Earth, was the center of our solar system. Such ideas went against the dogma of the Church and threatened its base at a time of religious reformation. Intel and other big laptop manufacturers are, I am sure, threatened by the XO in a similar way. Gary is simply the Galileo pointing out the flaws of other Classmate-type laptops and argues well to the reasoning behind why the XO is a superior product.

We are in a period of education reformation where new technology and "traditional" technology approaches are banging heads.

Thoughts on David's Letter

I found the Open Letter to the Next President in Tech & Learning by David Warlick. I agree with the four point by and large, and offer my suggestions on how to make those four general points. They are not the complete solution, but at least my attempt to suggest a way to meet David's points.

1. Keep politics out of education.

Very difficult to do since school boards are elected entities. However, there is one place where politics can be culled from education. I am, and have been, suggesting the dissolution of the US Department of Education. In lieu of spending money to support and run the department, money could then go directly to the states. The money would be doled out proportionally that takes into account poverty, test score and attendance figures.

2. Widen the definition of accountability.

David's argument to provide more on-the-job training is nothing new. Shop classes have done this very well for years. What has not changed is the way teachers are trained to provide this on-the-job style teaching in the core classroom. We are still product in (worksheets)/product out (worksheet turned around for a grade).

3. Recognize that the greatest assets of our schools are in the people.

I have yet to hear a convincing argument made to not promote the use of performance based pay. The argument against always comes back to the quality of the students. Yet, better teachers are usually easy to identify in a school.

4. We skimp on the arts at out own peril.

Agree 100%. In one disastrous semester at Purdue University (two Fs and a D), the only thing that kept me going to class everyday was marching band practice. You don't need to read Daniel Pink to know that students involved in the arts are usually better students.

Parental Control Blues

One of the nicest features of Mac OS X Leopard are the enhanced Parental Controls. The new Parental Controls allow me the admin, from Workgroup Manager, control such aspects as filtering out profanity in the built-in Apple Dictionary, limit access to certain websites, and even set time limits or windows of login opportunity.

In the hyper-sensitive district I am in with our 1:1 program I decided to implement our standard proxy filtering as well as implement the Parental Controls to further filter Internet pages. Seemed like a good idea at the time.

The bad news is that our proxy server requires a student login or the access will be restricted completely (so no baddies can use our proxy to pass along their bad traffic... see previous post of that fun). What was happening to the best of my understanding from testing this out was the Parental Controls were somehow not allowing students to login to the proxy server. It would not even allow the proxy login dialogue window to popup on the screen. This was the same for Safari and FireFox. The result was ALL Internet traffic was being blocked while outside the district.

The major indication that this was an Apple problem was that from my XP computer at home I was able to setup a proxy with no problems, thus elminating my filter as the culprit.

I was then able to narrow down the problem by using my Macbook Pro to recreate the proxy at home, and again no problems. This led me to start looking into the System Preferences on the student computers. Since I have used this proxy setup now for three years, and this being our first year with Leopard on student machines, it did not take long to track down where the problem lay.

So for the time being I was able to remove the usage of Parental Controls via WorkGroup Manager. Our DerbyTech CIPAFilter does a great job filtering our traffic and I will keep it this way. However, for personal use, the Parental Controls do seem to do a very good job, almost too good.

Post on how to sync your iPhone/iPod Touch with Google Calendar and Contacts

I found this invaluable. Wireless syncing of my contacts and calendar is a big plus. Yeah, I can use the Google App, but I like the Apple Calendar and Contacts on my iPod Touch. Just hope this company sticks around.

http://www.ianfernando.com/2008/sync-google-calendar-with-iphone-3g/

Blacklist Blackmail

I could not remember the blacklist group out of Europe that wants 50 Euros to expedite my removal from their blacklist. Basically, this in a sense is blackmail. I have dealt with several of the blacklists my district IP address was popping up on and it was a quick, speedy, painless recovery. These guys say my IP has to be clear for a week or pay the fee. AT&T, Comcast, Barracuda all quickly got me removed within 24-48 hours.

Instead I just changed my IP, as would any good spammer who would just change their proxy.

Here is the URL for these blackmailers.

http://www.uceprotect.net/

If you use a realtime blacklist, remove them from your service. There are tons out there doing the same service.

I got pwned and blacklisted, now what?!

For all the talk about education and how to help students learn, I sometimes forget that outside our school district is a cold world. I was reminded how cold it is recently.

We had two big problems over the last couple of days with network connectivity outside the building. I worked with Illinois Century Network, Google and DerbyTech today to narrow down to the problem. The two issues were two different degrees of severity:

1. Mail messages were not being delivered from the archive and spam filter to the mailboxes hosted at Google.


2. We were subject to, for lack of a better term, a cyberattack that exploited our proxy web content filter.

The mail service was only partially functioning as of late Wednesday night as Google appeared to have changed the address where our mail was directed. As a result, when an email message was passed to someone in the school district, it got to our mail archive/spam filter and got stuck as our filter could not pass on that message to Google to be placed in the appropriate mailbox. Around 10AM Thursday morning I was able to isolate that problem with the help of DerbyTech and a backlog of messages then started to pour out of the archive to Google.

However, I noticed that this emptying of the archive was taking a lot longer than normal as there was more than normal emails coming in to my mailbox alerting me to someone tripping the content filter.

As it turns out the proxy used by students to filter their laptops at home was compromised. In my attempt to make things a little more transparent for kids to get online at home with their school issued and filtered laptops, I removed the necessity for a username and password. Normally, students would have to, while at home, enter in a username and password to access our filter. If they did not enter in that username and password, then they could not access the filter. Instead, they did not have to enter in that username and password with the changes I made. Their traffic was still getting filtered just like it does here at school. The term for this is an open proxy. Closed proxy would be if they had to enter the username and password.

Unfortunately, the open proxy was available for others to use. My thought was why would someone use a proxy that has a filter on it? However, I have evidence in the form of our firewall sending messages of inappropriate filter hits to my email. As it stands now, there are over 16,000 filter hits from outside our district from places like Dover, New York City, Frankfort (Germany), Berlin, Belgrade, Beijing and Caracas. I was able to trace to these locations from the addresses these hits were coming from. What these people were able to do was run their internet traffic through our network to make it appear that their traffic was coming from our district instead of, say, China. We openly proxied their traffic to other websites making it appear we were the ones requesting access to certain sites.

Here is why spammers would use our open proxy. A known spammer in Belgrade cannot simply post comment spam on a blog because the blog knows that spammer address and will immediately reject it. However, my district is not a known spammer, and has an open proxy. The spammer will send their spam through their firewall to launder the comment and make the blog think this comment is legit. The good news is that our filter blocked over 16,000 attempts to access certain inappropriate sites. Unfortunately these were spam computers programmed to send out several hundred attempts a minute to post comment spam to blogs around the world.

Because of the number of requests being processed through our filter the network loads were very very heavy starting mid day on Wednesday and through to mid day Thursday. That would explain the problems with Google searches coming up with an error. This also explains why there were intermittent outages at our three bulidings and from parents outside the district trying to access online grades as all these people were trying to get down the same pipe as the spammers. The junior high head end did not suffer as much because they only had to go out of the network-- not come into and then go out of the network. Google saw the incredible number of requests for information from our district and saw that as a possible attack or virus. Thus, some people would get a screen like Google was forbidding them to access their site, and making them input a random set of letters into a box to prove they were not a spammer or virus.

Though the earlier inbound mail problem (problem #1) was actually something totally separate, the problem with email messages coming back as undeliverable starting around noon on Thursday was totally related to this cyberattack (problem #2). As spam messages continued to mount around the world on blogs, originating from our address, the realtime filters began to tag us as a spammer. Comcast, AT&T and Barracuda began bouncing messages from us. The error messages received on the bounce I had never seen before, but clearly provided links that we were now beginning to be known as a spammer address.

With this information, and with help from Illinois Century Network, Google and DerbyTech, I was able to close the proxy (DerbyTech), ensure the attacks were slowing down (Illinois Century Network), and begin to restore our address as a legit non-spammer (Google). As it stands now, I have re-instituted the need to input a username and password to use our proxy. I have taken the steps to get our district cleared on any blacklists that would reject our emails, and it looks like most are again accepting our emails. Our network loads are back to normal and ICN will continue to monitor for the next few days to ensure there isn't another attack. The spammers will continue to attempt, but as they need to enter a username and password they should begin to remove us from their list of open proxies.

The good that has come from this incident has me looking more at ways to prevent this in the future. Setting up an SPF record for our domain is a start. I also cleaned up the accepted mail relays from our email archive system. And I am now considering implementing more stringent authentication for the proxy which is available to us, but in my limited capacities I have to find the time to set this up.

Hmm. I wonder if those students in my district are still learning?

P.S. Getting off these blacklists on the surface seems simple, but it truly is a painstaking process. I even found one blacklister in Germany who wanted to charge me 50 Euros to be removed from their list OR I had to wait 7 days since the last indicated malicious activity. THAT sounds like robbery.