A Modest Proposal

No, I am not suggesting that we should cook and eat software vendors. (Although...)

Blackboard is apparently entertaining purchase offers. It's a shame all the IHEs can't band together and buy it. It'd probably be cheaper in the long run than dealing with Blackboard itself.

Just a thought...

(Blackboard is an excellent example of the phenomenon of IHEs putting mission-critical components of their operations in the hands of for-profit entities that may not only not share the IHE's mission, but maybe indeed have diametrically opposed missions. This will be fodder for a separate blog posting or 3.)

You've got HOW many people working on that?

Today's Chronicle tells us that College Social-Media Efforts Are Hindered by Inadequate Staffing. Specifically, roughly half of respondents say that have 0.5FTE or less working on social media.

Anybody who thinks about it this way is completely missing the point.  You don't hire somebody to "work on social media." What's next? A social media department? This can parallel, presumably, your web department and your gopher department and your email department and your, well, your REAL communications/PR department.

Nobody should have any staff "working on social media." All employees who deal with the public, even tangentially, should be aware of social media and how it affects their job and their employer. (If they can't wrap their brains around this concept, they need to find another job. With encouragement, if needed.) Your best social media efforts are, almost by definition, organic.

You don't bring in somebody to work in blissful mutual ignorance from the rest of the institution. Whatever "medium" is "hot" right now will be gone next year. Or next month. (Did somebody say "gopher?") Your employees need to be able to adjust to this changing landscape. There's a fine line between always chasing the latest hot tech trend and hidebound unwillingness to engage anything except the old model. If you really want to walk that line--and you do, even if you don't know it--don't even think of hiring people to "work on social media."

"And who is my customer?"

If you work in higher ed these days, you hear a lot about "customer service." This has been going around in different contexts for a long time; it's been rampant in IT, at least in the "user support" world for decades. (OK, maybe using the plural is a bit hyperbolic.)

The students, after all, are our customers, we are told. And there is a lot of truth in this, considering where the revenue of most IHEs comes from. Many people, of course, resist the very sensible idea that we should strive to please the people paying our salaries. To wit, this piece on student classroom behavior by Brian Hall of Cuyahoga Community College.

My immediate reaction was, "here we go again." Another professor bemoaning the bad behavior of these kids today. Why, in my day... And although I thought the article was somewhat tiresome, because of its retreading of a subject endlessly rehashed over the years (generations?) (eons?), I found myself sympathizing with Dr. Hall. Interrupting when another person is talking? Taking phone calls? Pretty damned rude, right?

But aren't the students right? They do pay for these classes, right? (Or somebody does; don't get picky on me.)

The problem, in my view, is that there has been a breakdown in the understanding of what is being sold. In order to criticize today's students we must, of course, hearken back to the students of an earlier age, who were responsible, polite, hard-working, and respectful of their professors. They didn't get that way because the professors had power and stature that they don't have today, or because the students of that age had politeness to (if not actual respect for) authority beaten into them. (Though it is possible that they did, and they did. It's also possible I'm being overly polyannaish for dramatic effect.)

In a nutshell, I suggest that past cohorts of students understood that they were submitting their work to the professor in order that the professor would pronounce judgment on that work. Judgment on the work, and on them in relation to their peers, in the case of grades given out "on the curve." Did the students expect to receive value for tuition paid? Of course they did. But the value they expected tended to be the judgment (in every sense of the word) of their professors.

Fast forward to today, and we see students.... well, like the ones in Dr. Hall's piece. There is, in fact a word for a place you can go where you can pay your money and the management will uncritically supply you with what you want. And that word is.... no, sorry, it's not "brothel," it's Diploma Mill. Really, I'm serious! You think of a place where you go ask for, say, a B.S. degree, they name a price--"Would you care to supersize that to a summa cum laude?"--you pay it, and you take away your degree.

"My college is not like that!!!"

Isn't it?

Don't get me wrong. I am happy to see the Paper Chase era recede in the distance. But the more we enable people who don't want to learn to avoid doing so, and still pass their courses, the closer we get to diploma mill-hood.

Yes, I'm painting with a broad brush and overgeneralizing in my contrast of the halcyon past with the decadent present. But one doesn't have to accept anecdote as evidence to observe that there are a hell of a lot of anecdotes out there. If you're not satisfied I've proven my point, well, neither am I. I intend to develop this theme in future postings, as I bring it back home (well, home for me) to the world of information technology.

The perfect is the enemy of the good

It seems to me that one of the most basic rules of blogging, if one hopes to build an audience, is that one should blog regularly. Regularly, that is, at intervals of less than five weeks. So I failed already; we'll see if I can do better. I could whine about how I've been so busy, etc. etc., and that wouldn't be incorrect. But a more fundamental reason why I haven't posted in the past weeks is that I can't put together what I want to say in a way that satisfies me.

Amorphous, mutant forms float around in my head based on things I see and read about in academia and in IT. I can't be coherent, can't bring my analysis to bear on them in a satisfactory way. I have finally concluded: screw that: this is a blog. Expect disjointed, incoherent natterings. Perhaps the exercise of writing itself will help me develop the cohesion I want to have before "publishing."

You have been warned.

Football: Brain Damaged?

I suppose I am expected to make some pithy, well-informed comment about links I post. Otherwise, my reader, errr, readers (hi Mom!) will get bored. But all I can work up to reports of substantial brain damage in football players is, "wow." I always felt that college athletes at many (most?) schools get a raw deal. But I never imagined anything like this. Check out the Tenured Radical for details.

OMG!! DATA BREACH!!! Ummm... not so much.

This article from the Chronicle of Higher Ed's Wired Campus blog alerts us to a recent incident at Princeton University. And wow, what a mountain was made out of such a tiny molehill!

Ms. Aronson said Mr. Li had engaged in unauthorized use of information that was supposed to be available only to university programmers who needed to access the information for official university business. She pointed to a Princeton policy that states that anybody who finds a gap in the university’s online security must report it to the university and refrain from exploiting it.

You're kidding, right? It is to laugh.

The LDAP server was set up to provide exactly the level of access that Mr. Li took advantage of. EXACTLY. There was no effort to limit access to the server so that, say, you had to have a Princeton account to log in, or you had to be on the Princeton campus. (Should it have been set differently? Arguably, yes... or no. This is a policy decision, one that I hope would have been taken by staff who were intimately familiar with Princeton's policies for handling student information.) It is only by the most CYA-inspired PR-spinning that this accessible LDAP server could be considered "a gap in the university's online security."

Mr. Li simply took advantage of the complex LDAP database protocols that were available to those with the extensive training needed to access them.  Oh, wait, no, he followed the directions on a Princeton-provided web page to perform a fairly simple, if somewhat arcane, configuration of a freely available email client, directions which could have been adapted to any other LDAP client in about five seconds. (I digress to note that this web page now states that "unix access" to the LDAP server NAUGHTY! So DON'T DO IT!! OK, cool, that means I can still use a Windows or MacOS based client, right? Or, wait, Linux isn't unix, right? Android? Yay we still have plenty for sanctioned access methods!)

At this point, somebody out there is going to say, "Well just because I left my front door unlocked doesn't mean somebody can come in and steal stuff." True... true indeed. Let's look at what the malicious Mr. Li stole. Let's see... ummm.. there was... uhh....

The information Mr. Li found does not appear to be protected by the Family Educational Rights and Privacy Act, or Ferpa, experts say.

Experts who, presumably, were unwilling to actually go on record. (Except for Tracy Mitrano, who is cited later in the article. Though the use of the plural "experts" suggests the Chronicle spoke to at least one other person besides Ms. Mitrano.)

If Mr. Li discovered this, shall we say, loophole, and ran out to set out his web site, I'd be much more sympathetic to university officials trying to put a lid on this. But the Chronicle article says he learned about it back in the summer. It doesn't say whether he did anything before last week.  But Li "said that OIT had been made aware of the security issue by other students in the past." (This last quote from an article on the subject from the Daily Princetonian which, surprise surprise, is more sympathetic to a student view of things than the Chronicle.) But, once again, we lack interesting details of when these notifications might have happened.

The facts are simple. The LDAP server was there, with all the information exposed. It was exposed intentionally on the part of Princeton staff who set it up. (I argue intention because the alternative, incompetence and ignorance, seems less likely in light of the LDAP access instructions previously provided by Princeton.)

The exposure of this information may have been intentional in an institutional sense, after an appropriate policy-making process. If so, all Princeton had to do was re-iterate its policy. Based on the reaction, we can assume that it was not. In this case, the sensible reaction would be to chop off the LDAP server (either drastically limit access, or, most easily and sensibly, require a login to access the information) while a new access policy developed.

The attempt to bring some sort of disciplinary action against Mr. Li is ridiculous. The only thing it will accomplish, even if "successful," is to make Princeton look stupid. Clearly, they're already guilty of a disconnect between student information policy and on-the-ground implementation in the IT organization. Really, people, doesn't everybody have bigger fish to fry? 

Oh, yeah. Any employee of any university who reads this and doesn't ask, "gee, I wonder what directory information is available publicly from my employer?" needs to wake up.

Welcome; Colophon

Welcome to my humble blog. I am an anonymous cog in the information services apparatus of a university.  I plan to blog on subjects of interest to me from the worlds of academia and of information technology. 

In the interest of keeping a low profile, I plan to remain pseudonymous. In this, as in other respects, I have been inspired by Dean Dad, whose posts have been consistently thought-provoking over the years. (I hope we will not begrudge me the shameful co-option of his blog title; I'm horribly un-creative about such things.)

I also owe a tip of the hat to Scott Adams, who inspired my pseudonym. "Steal from the best," as somebody said. Regrettably, I have misnamed myself "Denier" rather than "Preventer." Although I could change it, well, that would be a denial of my own mistake, and why not let it stand? At any rate, as I hope will be clear, my taking of the character's name does not imply that I have modeled myself after the character. Or, perhaps I'm just in, well, denial.