Taste of Tech

I just finished listening to the “Multimedia” episode of the Web EdTech Podcast. At one point in the conversation, John Rappold and company were discussing web filtering in the schools. They struggled with the question of what types of content should be blocked by the web filter, and who should be making those decisions. In most school districts, when teachers disagree with the filtering decisions, they generally appeal to the technology coordinator to get sites unblocked. Here’s a short piece of the conversation:

John Rappold: Schools that block Flickr, who’s making those decisions?

Ryan Collins: I’m assuming the tech coordinator.

Alvin Trusty: Usually. I think that’s right.

John: Who should be making the decision?

Peggy Whyte: I think it should be a committee of teachers and administrators in conjunction with the tech coordinator, and there should be a well-defined process to go through to get sites unblocked, with some pedagogical reason for the unblocking.

Ryan: I concur. Excellent.

John: And how do you make that happen?

Yesterday, I had almost an identical conversation at a meeting of area technology coordinators. We often get pushed into the role of “Information Gatekeeper,” just because we have the technical ability to block and unblock resources. Most everyone agrees that the technology coordinator shouldn’t be the ultimate decision-maker when it comes to Internet filtering, but most schools don’t have a better solution.

We struggled with this issue last year, and came up with a solution that works really well. In our district, any staff member may request that a web site be blocked or unblocked. Maybe there’s some site that has really valuable content that they can’t access. Maybe they’ve seen students accessing inappropriate content that should be blocked, but isn’t. They can make a filter review request by filling out a web form. Basically, the form asks for the address of the site, whether they think it should be blocked or unblocked, and a justification for their request.

When they submit the form, an email is sent out to everyone on the review team. The 7-member team currently consists of the media specialists in all of our schools, plus one principal and the technology coordinator. We initially invited all of the principals to join the team, but only one was interested. These people can review the site and enter an opinion to either approve or deny the request. Their decision is based on a set of defined guidelines that reflect a desire to provide reasonable access to web resources while still protecting students from accidental exposure to inappropriate content. Review team members can also enter comments, which are eventually sent back to the request originator. When four people agree, a decision is made automatically, and everyone is emailed the outcome. If filter setting need to be changed, the tech coordinator is responsible for taking care of it at that point.

The whole process generally takes about two hours. In some cases, it can all happen in a few minutes. Since starting this procedure in December, 2006, we’ve had 85 review requests, including 80 to unblock sites and five to block them.

The interesting thing is that about 44% of requests are denied. Some of these are cases where the teacher has the wrong web address (”Can you unblock whitehouse.com please?”). Others are cases where resources may be acceptable for high school students but inappropriate for elementary students. Having the committee allows us to make filtering decisions that reflect the needs of the entire school system, rather than relying on the sole judgment of an individual.

The Recording Industry Association of America considers you a criminal. They sue people for sharing music online, sometimes using questionable legal tactics. They also consider it illegal for you to copy music from a legally-acquired CD to a computer or MP3 player. If you run a radio station, you have to pay licensing fees to play commercial music on the air. That’s a 180-degree change from the old days, when the record companies would pay you to play their music. If you have a business, and want to have music playing in the building, you have to have a license, because some people will apparently hang out at your place of business to listen to music rather than buying a copy for themselves. The same is true if you want to have hold music on your phone system. I know I regularly call up technical support and ask them to put me on hold so I can listen to the latest tunes from my favorite artists. If you want to broadcast music over the Internet, God help you.

Some artists have figured out that the RIAA/ASCAP road is not for them. With the changing music industry, artists make more money from live performances than they do from recordings. Getting their music out there and being heard is more important than the dime they would get from an iTunes download. This has led some artists to move to Creative Commons licensing for their music.

For the uninitiated, Creative Commons is a set of licenses that allows the content creator to determine what people can do with a work. You can, for example, allow non-commercial use of a work with attribution. That means that anyone can use it for non-commercial purposes, as long as they give you credit. Different options exist for commercial use, derivative works, and restrictions on licensing of derivative works.

So, if you’re a teacher and you want to use a Creative Commons song in your class, you can. You can also put it on your web site, or include it in a podcast. You can play it in a Powerpoint presentation. You don’t have to worry about whether it’s fair use. You don’t have to go through the ridiculous guidelines to determine whether you’re going to go to jail. You can just use the work.

Where do you find this music? Well, there are close to 8,000 albums on Jamendo. That might be a good place to start. Podsafe Audio also has quite a collection of Creative Commons music. There’s also a smaller collection on Opsound. CC Hits is a Digg-style site where users rate Creative Commons music. And the Internet Archive has a pretty large collection of CC audio, including quite a bit of music. If that’s still not enough, you can also download four years’ worth of music showcased at the annual South by Southwest conference.

It occurred to me that I could download a bunch of this music, and then use it in my district. We have a public access cable channel, for example, that doesn’t have any audio. We could use the CC music there. We could also use it as the hold music for our phone system. There are lots of places where it’s nice to have some music available, and even nicer when you can do it without going to jail. I could even stream this stuff, and then anyone could access it.

But I don’t need to. There are already streams available. Musopen has a stream of CC classical music that would be very nice for these applications. ISG also has a stream of CC music, though it mixes all of the genres together. I’m sure there will be more of these springing up as the quality and selection of Creative Commons Music continues to improve.

I’m not a bleeding edge kind of guy. I don’t generally install new software right away. I wait for the bugs to be worked out. I let a couple minor revisions go by. Then, I upgrade, but only if there’s something that the new version has that I need.

So why am I so frustrated with Wordpress? After all, it was less than a year ago that I was complaining that new releases of the blogging software were annoyingly frequent. A delay in the release of Wordpress 2.5 shouldn’t be a big deal.

Here’s why it is, though: last year, I decided to skip every other upgrade for Wordpress. Since their schedule called for new major releases every four months, that would mean that I’m upgrading the product every eight months. That’s a good pace. It keeps me from falling too far behind, and yet it means that I still have time to do other things, too. I have 70 blogs installed on my server, and upgrading them is a daunting task. Add to that the needs for retraining staff and re-writing the blog-auto-generation scripts that I use, and the every-other-release approach makes a lot of sense.

So last year, I upgraded Wordpress in the spring when version 2.2 came out. I re-wrote the getting started guide, configured the blog-generation script to use the new versions, and made sure all of our plugins and themes work correctly. In the fall, then, I skipped version 2.3. It introduced tagging for the first time, and when it was released, it was supposed to be a transition between categories and tags. All of this was to be finalized in 2.4, when the transition to tags would be complete. Rather than confuse myself and my users with the tags vs. categories debate, I was happy to wait for 2.4 to be released in December. That way, I could spend some time getting used to it over break, and implement it when returning to school in January.

But 2.4 was canceled. The Wordpress people realized that their schedule was a bit overly-ambitious, and they skipped 2.4 in favor of 2.5. No problem. I’ll just wait for 2.5. It’s scheduled for release on March 10. That gives me two weeks to play with it, and then over spring break I can install it for some of my teachers.

March 10 came and went. The release date was pushed back to the 17th, but that date has passed now, too. Officially, the release date is now March 21, but we’re starting to see how reliable these dates are.

Looking at the Wordpress Trac (which manages the software development), there are still 374 active tickets for 2.5. That’s not a big deal. Many of these are minor problems or feature requests that will ultimately be pushed to the next version. What is a problem is that there are still nine high-priority defects at the moment, with new items being added all the time. We have also just begun to see release candidates. Translation: we’re probably not going to see 2.5 by Friday. I’d be very surprised to see it before April 1. Add to that the inevitable patches and security releases that follow a major update, and I probably won’t be comfortable using it on my blog before mid-April. Then, I can start figuring out which plugins are going to work, and how things are going to change for the teachers in my district using blogs. I’m also strongly considering a move to the multi-user version of Wordpress, but I’ll have to investigate how that will affect the current blogs.

Hopefully, we’ll be switched over to the new system for new blogs before the end of the school year. That way, teachers starting new blogs over the summer won’t have to upgrade. In the meantime, if you want to play with the development version of Wordpress 2.5, you can do so on Chris Johnston’s site.

It’s been a while since we have had a high-profile news story about stolen laptops. You know the story. Some company or government agency or organization had some laptops that contained social security numbers or financial records or credit card numbers or confidential medical information. These laptops were stolen or misplaced or they mysteriously disappeared. The organization notified the affected people whose data might be compromised, and cautioned them to be on the lookout for identity theft.

The costs of this type of data breech can be enormous. According to the 2007 Ponemon Institute study, the average cost of a data breech in 2007 was $197 per record. The average breech contained about 32,000 records, for an average cost of $6.3 million.

In the schools, we worry about the hardware. If someone steals my laptop, I don’t have a laptop anymore. Getting that replaced may be difficult, especially with the eternally gloomy financial picture in public education. But the value of the hardware pales in comparison to the value of the data on it. Sometimes, we forget that.

Sure, we don’t have 30,000 financial records on school-owned laptops (at least, I hope we don’t). So in our case, a lost computer isn’t likely to cost us millions of dollars. But consider these scenarios:

• A special education teacher writes student IEPs on a laptop. Because she doesn’t have Internet access for the laptop, she writes them in Word and saves them on the local computer. Loss of that laptop would be a violation of the Family Educational Rights and Privacy Act (FERPA), because it would give the thief access to confidential student information.
• A health care coordinator keeps track of student medical conditions in a spreadsheet. In case of an emergency, school staff members need to know if a student has severe allergies, chronic medical conditions, medication needs, etc. This information is typically provided to teachers and others who work with kids. A school group goes on an overnight field trip, and this confidential medical file is loaded on a laptop taken along on the trip. If the laptop doesn’t come back, it’s likely that HIPAA has been violated.
• A principal emails a teacher about a confidential personnel issue. Or maybe she sends a message to a group of teachers about a student. Or maybe the counselor sends a message to the principal about something that’s going on with a student. Sure, the email messages are stored on the server. But they’re cached on the laptop. They’re confidential, and they’re available to anyone with physical access to the computer.
• We use an emergency notification system to keep parents informed of school emergencies and weather-related cancellations. I have a data file on my laptop that contains the home, work, and cell phone numbers of just about every parent in the district. There are more than 10,000 phone numbers in the list. This data shouldn’t be on this laptop. I know that. But I was troubleshooting a problem, and grabbed a copy of the file, and forgot to delete it. Sure, home phone numbers are directory information. But work and cell numbers aren’t. (Excuse me for a moment while I go delete some files…)
• I also know better than to let my computer “remember” passwords, but that doesn’t mean they’re not cached somewhere on the computer. I would guess that a determined hacker with my laptop could do some serious damage to my network.

Where is this leading? The best way to secure data is to not make it accessible. Get big desktop computers and chain them to the tables. Don’t connect them to networks, and don’t allow any kind of removable media. The data on the computer is then as secure as the physical security. If you can lock the door, you can protect the data.

But that’s not very practical. We need to have networks to get our jobs done, and mobility has allowed us to become more efficient. But we’ve been reluctant in the schools to pursue data encryption. Our staff members don’t typically choose strong passwords. They rarely change them. And, we’ve had problems with staff members forgetting their passwords, especially over the summer. Using data encryption technologies is a one-way street. If you forget the password, you can’t get to the data. There aren’t any back doors.

Then, there’s the issue of what to encrypt. Training teachers to put sensitive, confidential files in a secure, encrypted location would be difficult and fallible. So up to now, we’ve stayed away from encryption, centralized the storage of data as much as possible, and limited the number of mobile devices in use.

Yesterday, I started playing with the new version of the free TrueCrypt software. This has the potential to alleviate some of these problems. TrueCrypt has a mode that will encrypt your entire hard drive. Once this is done, it uses a boot loader to confirm your passphrase before decrypting and running Windows. If you don’t enter the passphrase, it can’t decrypt the drive. If you boot from removable media, the computer will work fine, but the hard drive will appear to be unformatted. If you take the drive out and put it in another computer, you won’t be able to read it unless you boot from it, and even then you have to have the passphrase.

I installed it this morning on my laptop. Before my computer boots, it asks for the passphrase. After I correctly enter it, the computer boots and runs like normal. But if you don’t have the passphrase, you can’t access the data. Note that this is a passphrase, and not a password. The minimum length for a passphrase in Truecrypt is 20 characters. So we use sentences instead of words. When I was testing this on a different computer, I used “We are not afraid to fail!” as the passphrase. Ideally, I would have included more upper case letters, punctuation, and symbols in there, but I was just trying it out.

Here’s the nice part from a district perspective: the software requires you to make a rescue disk as part of the installation. It waits for you to burn the disk, and checks to see that it’s a working disk before continuing the install. If you have the rescue disk, and the laptop, and the passphrase, you can decrypt the drive.

How would this work, then? The tech department would install TrueCrypt and set a default passphrase. As part of that installation, a rescue disk would be made and kept on file. When the computer is delivered to the user, he or she would change the passphrase and use the computer. If we ever need to recover data, we can do so by booting from the rescue disk and entering the original default passphrase. This gives us access to the data when needed, but makes it sufficiently difficult to decrypt the drive to keep the data safe.

As I mentioned, Trucrypt is now installed on my laptop. I’ll try it for a while and see how it goes. If everything works as I expect it to, we may begin using it on laptops this spring.

Monday was “Read Across America Day.” Pro-reading events took place all over the country. I participated by reading a story to a group of children in North Carolina. My children are attending a big event at Kent State tomorrow, where they’ll listen to stories, make bookmarks and other crafts, and have their pictures taken with the Cat in the Hat.

Tuesday was “National Grammar Day.” I didn’t even know about this one until Thursday, when I heard Grammar Girl’s podcast mentioning it. We were supposed to celebrate by gently correcting people’s grammar. You can see if you’re an offender by taking this quiz. As far as I know, everyone was still recovering from Read Across America Day to put too much energy into National Grammar Day.

Wednesday was “World Math Day.” More than 20,000 schools from all over the world participated in the event, correctly answering more than 182 million math questions. What kind of math did they do? Arithmetic speed tests. You know, flash cards. In real time. Against other kids from around the world. Critical thinking skills? Problem solving? Not necessary. Just tell me what 9 x 8 is. Quick. Just stick the right formula in. A solution for every fool.

Apparently, on Thursday, we were able to return to our normal curriculum. I’m not sure why we need something like Read Across America Day. In most classrooms, every day focuses on reading. Likewise, we shouldn’t only be concerned about grammar one day a year. I talked to an elementary teacher on Wednesday, and mentioned that it was World Math Day. She laughed. “If we observed every special day, we’d never get to the curriculum.” I guess if you want to focus attention on something you think the schools aren’t emphasizing enough, all you need to do is designate a day.

With that in mind, let me humbly propose a few special days:

• Ohio Day. It’s not just for Ohioans anymore. So what if I made it up. Everyone should learn more about the Buckeye state.
• Reaching New Heights Day. Just for one day, let’s stop focusing on minimum standards and getting every kid to meet some arbitrary numeric standard on an achievement test. Let’s focus on the top 10% of the academic spectrum, and see where they lead us.
• True Confessions Day. This is the day when teachers tell students what they actually need to know after they’ve taken the test. What’s the point of math beyond Algebra II? Students need to know it to learn more math. I spent my high school career working up to and trying to get through calculus. Then, I went to college and took it again. I have a minor in math. How often do I use calculus? Never.
• Think for Yourself Day. Everyone has a unique point of view. Everyone has a unique perspective. When someone communicates, they have a reason for doing so. There’s some motivation there. If you can determine what that motivation is, you can consider their words in context, and make up your own mind. That’s perhaps the most valuable thing we can teach our kids. Take my word for it.
• Technology is no Panacea Day. I love technology. I use it all the time. I routinely carry around pockets-full of devices that are powerful enough to launch spacecraft. But they won’t solve all of our problems. We often focus on “automating” unnecessarily complex processes and end up with a complicated electronic system to manage instead of a complicated offline system.

Enough. I have to go get ready for National Rehabilitation Counselors Appreciation Day.