Category Archives: Instructional Technology

ITBabble Virtual Learning Solution Webinar

I’ve developed a very flexible solution with iPads and some ergonomic tools/devices.   

The main goal was to have tech that was useful all the time, not just during quarantine, and tech that didn’t strain the network with video standards that can’t be handled by personal home networks. The investment would be useful for 3-7 years, or the duration of the equipment lifecycle. The tablet form factor I chose was the iPad, but this could be done with Android or Chromebook tablets.

This model eliminates document cameras, allows for hand writing on paper or real whiteboards, allows for digital whiteboards, and you can ergonomically adjust things so people feel like they are sitting next to someone. 

Teachers can freely move around the room to demonstrate labs and other experiences that are eliminated in most virtual scenarios. 

You can even do choir, band, and art. 

If teachers/hosts have laptops, this allows for  two cameras in every space. Students can flip between the iPad and the host device. 

The conferencing software doesn’t matter. You can use anything for your video conferencing. 

If people need to work from home they just take the iPad, and literally replicate their teaching environment.

This idea can be summed up in a single simple statement: The iPad is a Person in your Classroom.

If you would like to know more, please complete the form below.

https://forms.gle/5CwcQxSSd9vxmjiMA

Microsoft Teams for OS X Send Your Audio and Sound to your Audience with Soundflower

By Tony DePrato | Follow Me on LinkedIn

This video explains how to set up your Apple hardware to stream audio from Youtube and other sources to your Teams Meeting.

Get Soundflower: https://github.com/mattingalls/Soundflower/releases/tag/2.0b2

The Support Puzzle

Jigsaw

By Tony DePrato | Follow Me on LinkedIn

I was recently in a conversation with a large group of people who provide IT Support. Many do not work in education, which is why I like the group. One of the members was recently asked in an interview to rank the following support requests in terms of importance.

1) A teacher has standardized testing starting in 30 minutes however she is unable to access the testing site.

2) The principal (aka your immediate supervisor) can’t open a spreadsheet that she needs to have ready for a presentation later that same day.

3) A teacher is unable to start a lecture because her PowerPoint won’t open. Students are waiting in the classroom.

This scenario truly exemplifies the difference between EdTech and CorpTech. In EdTech the order of importance should be, 1-3-2. In CorpTech it could easily be 1-2-3, or, even 2-1-3. Anyone who has worked with a demanding boss in a Hire-At-Will employment environment would understand why.

In a school, unless the school is on the bad side of accreditation standards, the answer would be 3-2-1.

Here is why.

Teaching and Learning

Most people look at the options and see time and urgency. And although the right answer can be derived from time and urgency, that metric will not always apply. A universal metric is to always focus on Teaching and Learning (TL).

This means that all processes at the school, IT included, need to be on mission and that mission is to support Teaching and Learning. In order to do that, students and teachers come first, and everything else later.

The business of the school is education, education happens within the TL dynamic.

Most school administrators will not even interrupt classes unless there is a real emergency. School administrators will inconvenience themselves to reduce the impact on teachers and students.

In organizations with a head of school or superintendent, those offices may have their own separate support for the technology to further reduce any impact to TL.

The Eisenhower Matrix

I am a big fan of using time management and decision management frameworks. My favorite is The Eisenhower Matrix. I have written about it here if for those who are not familiar with it. 

matrix22

I use the layout above for decision making and project planning. I also use Agile and Scrum when executing the actual pieces of projects. I need these tools to prevent reacting emotionally to problems.

In the scenario above this is how I would categorize each of the three support problems.

DO, Do it Now: 1) A teacher has standardized testing starting in 30 minutes however she is unable to access the testing site.

The reasoning here is that standardized tests have controls that the school must follow. This is a tricky scenario because unless you have implemented IT procedures for standardized testing you would not realize that the pre-testing is completed well in advance. That means the school has already scheduled and guaranteed a test window. The test either has to occur or be canceled and rescheduled. I would write a guide on test implementation, and they vary greatly. For older children, there is a high risk if these test fail.

DECIDE: 3) A teacher is unable to start a lecture because her PowerPoint won’t open. Students are waiting in the classroom.

As a school administrator, I would, of course, ask IT to go help the teacher immediately. In this case, you really need to know the schedule before deciding when to go. If classes are 70-80 minutes every other day, you would want someone in there immediately. If classes are 35-40 minutes daily, you would want to send someone at the end of the class.

The technology has made achieving the lesson goals impossible if the lesson is short. However, the lesson occurs so often that the impact on TL is low. In fact, taking more time in the end when the students are transitioning will allow someone to look at prevention instead of just adding a quick solution that only deals with the symptom.

Most schools have requirements that teachers should be able to run their lessons in the event of an IT failure. This should not happen every day, but it can happen, and teachers are required to work through the issue. If a teacher follows protocol going into the class 5-10 minutes after class has begun, could interrupt their backup plan.

This is why it is a DECIDE. It varies based-on campus and culture.

Delegate: 2) The principal (aka your immediate supervisor) can’t open a spreadsheet that she needs to have ready for a presentation later that same day.

Anyone can do this job as soon as the others are in progress. If there is one IT support person, they will do this last. It is not time-sensitive. Most principals would angry if a teacher or class of students were put in lower priority.

If there is a team, the leader could assign someone to this with a reasonable timeframe.

If you are in EdTech IT Support, make sure you are connected to the culture of your school. Understanding the policies and procedures outside of IT is key to understanding how to support Teaching and Learning.

 

 

Cubit Robotics: Probably Better Than What You Are Doing

654724647_780x439

By Tony DePrato | Follow Me on LinkedIn

I have been working with robotics since 2005. I have worked with students from US Grade 4 to students competing in university competitions.

As of late, I have been shocked by this trend: remote control.

Remote control is not the future. The future is autonomous and AI-driven. So why are schools teaching robotics via remote control at all levels with very little autonomous programming?

The software that was once easy to access, often free, and allowed for fairly deep programming has reverted to big graphical blocks.

This is why I am very excited about Cubit Robotics/Electronics for STEM.

I asked Cubit for a sample kit, and they sent it along. My robot frame and build were simple because I wanted to focus on programming.

cubit-rover

The Cubit was loaded with sensor options, and the programming interface was Bluetooth.

For the record, I was using a Macbook, and I was very happy to get back into a programming environment that empowered real coding on an Apple. As of late, most of the robotics packages I have used on an Apple have removed the text-based coding options.

The flexibility was nice, and the educational scaffolding was clear.

You can start with the colorful blocks, and easily get things working.

Screen Shot 2020-01-16 at 7.44.43 AM

Then, you can get into the code, and make things work the way you want.

Screen Shot 2020-01-16 at 7.45.03 AM

Cubit uses Lua language. I found it to be an excellent primer for going in a variety of programming directions. I have always found that using robotics and electronics as a prerequisite for IB or AP computer science is a better primer than simply having an introductory course based solely in a language. Let’s be honest, robots are fun, and they can really help build the programming competency base.

If you are new to robotics and have no idea where to get started, Cubit is an excellent solution. Cubit provides a built-in curriculum with projects ranging from elementary to high school. The programming environment guides users through the initial steps.

Screen Shot 2020-01-16 at 8.10.41 AM

Robotic’s education needs to move away from the obsession with remote control. I believe this obsession emerged from the ubiquity of mobile devices, and the realization that automation is usually a low scoring and frustrating endeavor. When students can use a remote control, they can get more points and do more in less time.

The process, stress, and failure should be the goal when using robotics for K-12 education. If a student can understand the complexities of automation before they leave high school, then they are better prepared for the AI-driven future and their place within it.

It is small, affordable, and easy to build, but Cubit is a step towards authentic learning and forward-thinking.

AI Research

  1. https://www.grandviewresearch.com/industry-analysis/artificial-intelligence-ai-market
  2. https://www.pwc.com/us/en/services/consulting/library/artificial-intelligence-predictions-2019.html
  3. https://apnews.com/Business%20Wire/df8bdcfa4de84f6aa301d3683c2e1b55
  4. https://www2.deloitte.com/content/dam/Deloitte/br/Documents/technology/DI_TechTrends2019.pdf

CyberSecurity Part 3: Simple Penetration Testing for K12 Schools

simplepen
By Tony DePrato | Follow Me on LinkedIn

I have been following a few online threads where schools are considering contracting penetration testers. For those who may not know, penetration testing (pentesting) is a security assessment, an analysis, and progression of simulated attacks on an application (web, mobile, or API) or network to check its security posture. The objective is to penetrate the application or networksecurity defenses by looking for vulnerabilities. These are usuallyweaknesses or flaws that an attacker could exploit to impact confidentiality, integrity, or availability. This goal is the same whether performing application pentesting or network pentesting. ~ https://cobalt.io/pentest

As a consultant, I am not opposed to K12 schools using consultants. However, I have seen some red flags out there from pentesting consultants. I want to highlight those issues, and also provide a method for K12 schools to get started on this process in an easy and low-cost manner.

Finding a Good Pentester

The Conversation

School: We are looking for someone to help test our security.

Pentester: Great. I can do that ( credentials and background presented).

School: What do you need?

Pentester: I need a list of (x,y,z). I need an office to work from. I need to interview…

What is wrong here?

Here is how this should go

School: We are looking for someone to help test our security.

Pentester: Great. I can do that ( credentials and background presented).

School: What do you need?

Pentester: I need a contract protecting me if I break into one or more of your services. I need a contact person to send my findings to. I need a timeline.

A pentester’s job is to find the weaknesses and to find a way to access your organization. If you provide access, not only is the job easier, but they could simply report an issue that is unlikely to occur. I witnessed a similar scenario where a firm was asking for the keys to break into the car.

There may be a point where you want a pentester to become a student and see what a student can do with the access provided. There may be a point where you want them to test spaces used by the public during events.  If you provide and manage laptops, a good pentester will need one of the school’s laptops.

These are reasonable requests. Asking the school to literally give them a roadmap and set of targets is not reasonable.

Doing Your Own Testing

I have a list of standards schools should work towards to be secure. Some these do not always connect well to third party services, public-facing websites, etc.

Over the last few months, I have developed a checklist for pentesting K12 school websites and resources.

Test Definition
Subscription and Services Discovery Can your subscriptions and services be easily discovered?
Files Exposed to the Public Are there files publicly available that supposed to be private?
Calendars Exposed to the Public Is calendar data that should be private, private?
Staff and/or Student Email Harvesting Can your staff and/or student PII be used to create a database for phishing and spamming?
Portals and SIS Are your portals and SIS properly secured and difficult to brute force attack?
Websites and Social Media Are websites and social media properly secured; is the media being used legally and correctly?
Cloud Services Have cloud services been properly secured?
Third-Party Sharing Is anyone sharing your content and do they have permission?
FTP, SSH, and Telnet Are any of these protocols a threat to your school via publically accessible information?
Email Blacklist Is your email domain blacklisted?
Email Header Check Is there any data in your header that could be anonymous or lead to blacklisting?
Email Catch-All for Non Existent Emails Is your email set up to catch any email that does not exist and alert someone?
SMTP Relay Is your email system running services that would allow an attacker to use your email for a criminal act; send an email on someone’s behalf?
4xx and 5xx Error Check Do the 4xx and 5xx pages on your public-facing services configured properly and supportive of trusted users?
HTML Forms Are any HTML Forms vulnerable to low-level URL based attacks? (Will also review CAPTCHA.)

I score these on a scale of 1-5 and document the issues/results. The next level is researching the solutions to correct the problems. Keep in mind, many solutions are in policies and procedures. This means issues need to be articulated for school leaders, teachers, students, and parents.

In other words, avoid jargon and lingo.

Doing as much due diligence as possible before contracting someone will not only save time and money, but it will also help to further educate the community.

If you do not know what is actually dangerous, then everything could be sold as dangerous.

These recommended tests are not very difficult, but if you want to outsource this, email me at: tony.deprato@gmail.com  .  I thoroughly enjoy doing this kind of work and have automated many of these processes with scripts and services.

 

 

 

 

CyberSecurity Part 2: OPSEC and Post-it Note Passwords

Password 123456 written on a paper

By Tony DePrato | Follow Me on LinkedIn

How many times have you seen it? You walk into an office or classroom, and a Post-it is proudly announcing a user’s password. Why? Because schools are trusting environments.  Maybe the password is not for the computer, maybe it is for the teacher/staff WiFi. A WiFi network that has no other security aside from the password: TeacherWifi1.

Before spending thousands of budgetary funds on security consultation, all schools (and organizations) should focus on their Operational Security or OPSEC. OPSEC is officially defined as:
Operational security (OPSEC), also known as procedural security, is a risk management process that encourages managers to view operations from the perspective of an adversary in order to protect sensitive information from falling into the wrong hands.

Developing a solid OPSEC plan is not that difficult. A bit of common sense and creative thinking goes a long way. Let’s walk through some simple practices that will help improve a school’s operational security, and the school’s ability to react to problems.

Follow Normal Child Safety Practices All the Time and in all Departments

The basic child safety concepts are: keep students away from unverified adults and make sure adults are not alone with children (and if they are alone they are visible).

The standards seem to be prevalent in all child safety courses and certifications. Following these two standards, and applying them to a technology plan would yield the following rules:

  • Students are never allowed on the same network as teachers/staff/guests
  • Students share information through the cloud or monitored middle process (such as a Synology share that requires user login)
  • Students should not be allowed to peer share with teachers (e.g. no more AirDrop)
  • The guest network is limited and separated from everyone else
  • No access to the network etc. unless all users provide an ID or their devices are identified as approved devices

You can find more detailed standards here for securing your network and developing a better level of OPSEC.

Office and Classroom Access Should Be Managed by Policy

The worst hacking scenarios I have personally experienced, and that resulted in child and family trauma, began with data being printed and left in unattended offices/classrooms.

Simple and reasonable practice can deter most people from crossing the privacy line. Here are some suggestions:

  • Laptops should be secured in a bag or other area when unattended; on the desk, lid open is bad practice
  • Documenting passwords should be discouraged
  • Desktops and other devices should be logged out when unattended; or secured with a password screensaver
  • Teams should split their lunches and breaks to ensure that the office/classroom always has someone present
  • Office/classroom hours should be posted so that everyone knows when the space is open for meetings or visitors
  • Desktop phones should have a security code to make calls off-campus
  • Students, parents, and others should have a demarcated area for meeting and working with staff and teachers; certain areas should remain off-limits
  • Printing from offices needs to terminate in a secure space; it should be difficult for an unauthorized person to make physical contact with an office printer

Walk Around and See What You Can Do

School administrators often conduct classroom walkthroughs and observations. This process is similar.

The leadership team needs to be scheduled to break-in to areas on-campus. They should test closets, offices, doors, etc. Printers should be checked for abandoned documents, and those documents should be sampled. Did someone print and leave any confidential information? Any tests or assessments? When guests are in the building, how freely can they move beyond common areas before they are politely challenged?

The team should document what they find, and question why the access was possible. A formal review of all vulnerabilities is going to inform the necessary actions that need to be taken.

If there is a plan to work with an external contractor, having all this research is essential. Focusing on unrealistic threats and problems will not strengthen security or cybersecurity. A misaligned plan will waste resources, provide a false sense of security, and overall weaken any future response to a real threat.