Going Phishing with Finalsite

phishing

By Tony DePrato | Follow Me on LinkedIn

This video reviews a method to extract staff email and names from the popular Finalsite CMS used by K12 schools.

Disclaimer: This video is not documenting any known bugs or issues with Finalsite. This video is demonstrating how Personal Information can be harvested using options end-users select. Solutions to this problem are available by adjusting the options in any existing Finalsite implementation. Specific tools and process will not be fully revealed in the video. Anyone wishing to learn more must arrange for a private demonstration.

References:

https://www.proofpoint.com/sites/default/files/gtd-pfpt-us-tr-human-factor-2019.pdf

CyberSecurity Part 2: OPSEC and Post-it Note Passwords

Password 123456 written on a paper

By Tony DePrato | Follow Me on LinkedIn

How many times have you seen it? You walk into an office or classroom, and a Post-it is proudly announcing a user’s password. Why? Because schools are trusting environments.  Maybe the password is not for the computer, maybe it is for the teacher/staff WiFi. A WiFi network that has no other security aside from the password: TeacherWifi1.

Before spending thousands of budgetary funds on security consultation, all schools (and organizations) should focus on their Operational Security or OPSEC. OPSEC is officially defined as:
Operational security (OPSEC), also known as procedural security, is a risk management process that encourages managers to view operations from the perspective of an adversary in order to protect sensitive information from falling into the wrong hands.

Developing a solid OPSEC plan is not that difficult. A bit of common sense and creative thinking goes a long way. Let’s walk through some simple practices that will help improve a school’s operational security, and the school’s ability to react to problems.

Follow Normal Child Safety Practices All the Time and in all Departments

The basic child safety concepts are: keep students away from unverified adults and make sure adults are not alone with children (and if they are alone they are visible).

The standards seem to be prevalent in all child safety courses and certifications. Following these two standards, and applying them to a technology plan would yield the following rules:

  • Students are never allowed on the same network as teachers/staff/guests
  • Students share information through the cloud or monitored middle process (such as a Synology share that requires user login)
  • Students should not be allowed to peer share with teachers (e.g. no more AirDrop)
  • The guest network is limited and separated from everyone else
  • No access to the network etc. unless all users provide an ID or their devices are identified as approved devices

You can find more detailed standards here for securing your network and developing a better level of OPSEC.

Office and Classroom Access Should Be Managed by Policy

The worst hacking scenarios I have personally experienced, and that resulted in child and family trauma, began with data being printed and left in unattended offices/classrooms.

Simple and reasonable practice can deter most people from crossing the privacy line. Here are some suggestions:

  • Laptops should be secured in a bag or other area when unattended; on the desk, lid open is bad practice
  • Documenting passwords should be discouraged
  • Desktops and other devices should be logged out when unattended; or secured with a password screensaver
  • Teams should split their lunches and breaks to ensure that the office/classroom always has someone present
  • Office/classroom hours should be posted so that everyone knows when the space is open for meetings or visitors
  • Desktop phones should have a security code to make calls off-campus
  • Students, parents, and others should have a demarcated area for meeting and working with staff and teachers; certain areas should remain off-limits
  • Printing from offices needs to terminate in a secure space; it should be difficult for an unauthorized person to make physical contact with an office printer

Walk Around and See What You Can Do

School administrators often conduct classroom walkthroughs and observations. This process is similar.

The leadership team needs to be scheduled to break-in to areas on-campus. They should test closets, offices, doors, etc. Printers should be checked for abandoned documents, and those documents should be sampled. Did someone print and leave any confidential information? Any tests or assessments? When guests are in the building, how freely can they move beyond common areas before they are politely challenged?

The team should document what they find, and question why the access was possible. A formal review of all vulnerabilities is going to inform the necessary actions that need to be taken.

If there is a plan to work with an external contractor, having all this research is essential. Focusing on unrealistic threats and problems will not strengthen security or cybersecurity. A misaligned plan will waste resources, provide a false sense of security, and overall weaken any future response to a real threat.

 

 

 

 

CyberSecurity Part 1: Social Engineering

Lock
Lock
Source: https://www.youtube.com/watch?v=JsVtHqICeKE

By Tony DePrato | Follow Me on LinkedIn

I have noticed an uptick recently in schools moving resources, money and time, to address cybersecurity concerns. The motivation for addressing security issues is genuine, but the approach and implementations I am reading about are less than effective.

Over the next few weeks, I will be writing a series of posts to address what schools should do to improve cybersecurity. Nearly every suggestion will require a change in process or culture, but not any significant financial investment.

Social Engineering

Even if you’ve got all the bells and whistles when it comes to securing your data center, your cloud deployments, your building’s physical security, and you’ve invested in defensive technologies, have the right security policies and processes in place and measure their effectiveness and continuously improve, still a crafty social engineer can weasel his way right through (or around).

Social engineering is the art of exploiting human psychology, rather than technical hacking techniques, to gain access to buildings, systems or data. ~ https://www.csoonline.com/article/2124681/what-is-social-engineering.html

Physical access to any space is the holy grail. Hacking begins with collecting information, watching people, finding the weak links within the organization, and studying how systems and people work.

Having an open friendly campuses means exposing information systems to a variety of threats that exist outside the network controls.

Allowing students, teachers, and staff to freely move around campus with few limitations or consequences, creates multiple opportunities for data to be collected on areas of the campus that generally are part of the plant or backend operations. These areas are designed for small teams of workers to keep the campus running, and these areas allow access to systems that control things like water, gas, electricity, etc. The plans and operational guides for these areas are not public, but people taking a regular stroll through these spaces eventually collect enough information to execute an exploit.

Maybe the exploit is simply students finding a way to sneak off-campus, but when one group creates a loophole, another group has the opportunity to use it. Social engineering practitioners are looking for loopholes and they are looking to mix with trusted groups of people. Their access begins with a bad policy or the improper enforcement of a policy.

It is far easier to use social engineering tactics to attack a school’s data and assets than to try and exploit the network externally. Not only is it easier, it is less risky. Generally, school policy is granting a person physical access, and therefore they are not trespassing. Whereas any attempt to breach the network would be a crime.

Before worrying about the network, the cameras, and the technology as a whole, it is imperative to reduce physical access and to design policies that balance community with access.

Defending Against Social Engineering in a Friendly Manner

Schools are not banks or government facilities. They are generally friendly and trusting environments. Implementing security measures should not create a panic, and should not create a culture a fear. Every measure taken needs to connect to another logical reason that the community can understand. Here are some ways you can reduce the risk of threats through social engineering:

  1. Let everyone know, they are free to call security and report anyone or anything they see that seems “off.” This means, not punishing people if they misidentify someone. Make the process easy, and make certain security personnel follow through and keep records. Social engineering often requires a few visits to a campus, and studying reports could identify a pattern.
  2. Lunchtime is always important on a school campus. Set a simple policy for business and operational offices to either rotate their lunchtimes and /or lock their offices. Lunchtime rotation is an excellent countermeasure. It ensures that every day, a few people are always in an office, the offices are open so people can access services, and the schedule of activity is difficult to predict.

    An example would be the following: Four people work in accounting. On Mondays, Wednesdays, and Fridays, person 1 and 3 choose to do lunch at 11:30AM; On those days person 2 and 4 choose to do lunch at 12:30 PM.

    Locking offices for an hour is safe, but it is not going to be as popular as using a rotation.

  3. Any closet or room containing computer network equipment, phone system equipment, etc. should not be used for storage. Why is this important? Because the moment a room or closet is accessible for storage, the number of people who will be opening the door becomes unpredictable. The equipment in that space would allow easy access to all the data that flows through the school.

    A common mistake schools make, is to use these network/electrical closets to store cleaning supplies.  Cleaners are usually very friendly and trying to help people, as well as maintain safety. So, if I wanted to access the closet and exploit the network, I would create a spill of liquid and wait for the cleaner to get into the closet. I might even distract them long enough to slide a small piece of paper between the lock and door jamb.

    The cleaner is doing their job, and I have gained access to the space after the cleaner is finished.

  4. Guests/Parents should have their own network. It goes without saying that allowing anyone aside from students and employees on the academic network is risky. A guest network SSID is highly recommended if the public or parents are allowed to use the WiFi. The more I consider this, the more I believe that a better policy is to simply improve the mobile network reception, and direct people to use their own data.

    A school can invest in repeaters and other technology to make the mobile signals from various providers strong and robust.

    Schools can also use services like Kajeet to deploy better mobile access. In many cases, schools qualify for FREE mobile hotspots. Why spend time and resources giving the public and parents access to limited and/or filtered academic networks anyway? Using mobile reduces the chances of a data breach, and virtually eliminates the liability a school would incur.

  5. Encourage and incentivize teachers to work outside their offices, in higher traffic areas. Teachers know each other, they know parents, and they know students. Teachers also have good instincts for spotting odd behavior. These statements are from anecdotal evidence, but if you have worked at a school for a long enough time, then you realize teachers are truly on the pulse of the organization.

    Teachers working in school cafes, libraries, etc see and hear more than they would if they are isolated in offices.

    Setting up conference rooms with glass walls, or creating PD opportunities in more public venues would greatly improve the random and increased presence of teachers on-campus.

    Remember, the idea is to create unpredictable patterns and to make it more difficult for someone to find a weakness and the confidence to act. The mere presence of staff in public spaces is a deterrent.

  6. Assume a good Social Engineer can get on-campus with an ID check, and plan accordingly. The core group defending against social engineering would most likely be the security team, operations team, and technology team. They should work together to plan scenarios and action plans. School leadership needs to make certain that those teams are focusing on those individuals who have enough skills to get through the external layer of security.

    Making assumptions that the camera system, front gate ID check, etc., will somehow prevent access, is going to create a false sense of security. Good social engineering requires imagination and creative thinking. Good defense will require the same.

  7. Work with parents to test your security and access. Parents want what is best for the school and their children. Parents also have come from a variety of backgrounds. They are a trusted group that will be honest and help measure improvements.
  8. Educate yourself first, and seek outside advice second. There is a massive amount of information about social engineering. It is worth educating a core group of people on security topics so they can inform practice and direct consultants. Remember, consults will only be useful until they leave. Build your team, and give them the time they need to learn. Much of what people need to know is free, time is the only factor.

I hope this posts stirs the pot and creates some discussion on school campuses. I am placing some resources below, including some very informative and entertaining videos on the subject of social engineering and physical penetration testing.

I am happy to do a live debate on this subject or webinar for anyone interested. Please email me at tonydeprato@gmail.com

 

Resources

 

  1. DEFCON 19: Steal Everything, Kill Everyone, Cause Total Financial Ruin! (w speaker)- https://www.youtube.com/watch?v=JsVtHqICeKE
  2. I’ll Let Myself In: Tactics of Physical Pen Testers- https://www.youtube.com/watch?v=rnmcRTnTNC8

  3. What is Social Engineering: https://www.csoonline.com/article/2124681/what-is-social-engineering.html
  4. Passwords are Still a Problem: https://www.nextgov.com/cybersecurity/2019/01/why-computer-passwords-are-still-problem-2019/154086/
  5. Cybersecurity Stats: https://www.varonis.com/blog/cybersecurity-statistics/

 

 

 

The Absolute Best Accessory for Your Apple Laptop

usb1By Tony DePrato | Follow Me on LinkedIn

I am not one to recommend products. However, lately, I have come to realize that since Apple removed all the useful ports on their laptops, I am reliant on a single $2.00 piece of hardware: a USB C-Port Adapter. This little piece of plastic magic makes my workflow work.

This tool is a simple design at a modest price point, yet, it is often the solution that moves a project from idea to reality. I connect dozens of devices using this technology bridge in order to deliver curriculum, podcasts, 3D printed objects, etc.

The most remarkable quality this small island of magic possesses is that is constantly reminds me that we do not need solve problems via upgrades. We should be solving problems with technology and educational technology by tightening our workflows and being resourceful.

There seems to be a constant insistence that X is not fast enough, or Y is not dependable. I constantly hear people state that the equipment they have in 2019 cannot solve a 2001 problem. The issue is rarely the stuff, the issue is usually the workflow.

Try Something New with Something Old

Here is an exercise I would recommend everyone try on their campus. This can be done for fun, as club, or as some type of fun challenge.

Have departments, staff, students, and other community members submit some issues or problems that continue to linger in the classrooms (learning spaces). Appoint a small team to review the problems, and choose one.

Finally, put this problem out to those willing to compete for a solution with the following criteria:

  1. The total budget that can be used to solve the problem must be less than $10.00 (or equivalent)
  2. Solving the problem using used equipment, materials, recyclables, etc. earns teams extra points
  3. Using school owned equipment to plan and produce a solution is required; donations are not allowed

Professionally, I actually try to follow this process all the time. The items above are on a personal check-list. My goal is to model a solution using existing resources.

What if It Works?

Often real solutions arise that are functional, but below standard. That is not a bad thing. The school has empowered a community driven development cycle, and created a working prototype under the umbrella of healthy competition. There are no losers in this game, everyone learns, and everyone wins.

In fact, if a school can continue to improve the process, and raise the standard internally, the outcome would be a community built and maintained solution. Older students can keep the momentum going as long as school mentors and leaders provide regular oversight.

Small Solutions have Real Power

This small solution below, is actually very important to my workflow.

usb2

No one needs to build a Tesla to change the world for the better. It is important to develop a philosophy of empowering students and teachers to create small things that improve daily workflows, increase efficiency, and add comfort and entertainment to the campus.

Start small. Ask questions. Find a problem. Make a prototype. Change the world.

Scan Your School for Unsecured Public Documents

Screen Shot 2019-08-08 at 1.10.41 PM

By: Tony DePrato | Follow me on LinkedIn

How many documents do you have open to the public? When was the last time you checked to see what anyone with internet access could download from your school website, your PowerSchool or SIS public folder, or even your various cloud services?

Before you think I am wasting your time, here is a quick glimpse of a simple public search for budgets people have not secured:

Budget_Search

 

If the above animation is not clear, don’t worry. I will show you how to do it.

INURL and FileType

Google has some cool advanced search features. To scan your public files, the two I recommend are “inurl:” and “filetype:” .

For example when copying and pasting the following string into Google, inurl:saschina.org filetype:pdf , the results are all public PDF files that exist with any url that contains saschina.org.

Screen Shot 2019-08-08 at 1.20.38 PM

Keeping the url simple often yields more results. For example, using saschina would look at other domains. If you add the .org, then the search will be limited to the .org domain only.

When to Worry about Public Documents

First off, many documents are supposed to be public. Seeing documents in this type of search is normal and excepted. What is not usually expected are documents that contain:

  • Name associated with contact information
  • Medical information
  • Names of parents, donors, etc.
  • Special codes use to tell vendors/suppliers who has organizational authority to place orders
  • Bank information
  • Payment information
  • Usernames and Passwords
  • Etc

Documents with information similar to the above should be secured, unless required to be public for legal reasons.

I would suggest having document ID numbers in the footer that indicated a document should be public. This simple practice would allow everyone in the organization to report documents that should not be public.

The link below will take you to a page that will help you begin checking your online resources.

Want to Jump In and Start Scanning? Get Started Here

If you want more information on data security, privacy, and data auditing for your school, please contact me using the form below.

 

A Positive Start Matters

startup-1018514_1280

By: Tony DePrato | Follow me on LinkedIn

Stress at the start of the school year is normal. I firmly believe that a positive start leads to a positive year. Here are some suggestions I like to give to people at the start of the year.

What do you need to start the school year?

Students. Teachers. And a place for them to meet. Many of the things people stress about are not required to actually start the school year. Remember, not everything can be the most important. If everything is critical, and everything is a priority, then nothing is a priority.

No, really, what do you need to start the school year?

Here is a core checklist for the school start-up:

  • A roster of students who should be attending
  • A roster of students who left, to make certain they do not return without re-enrollment
  • Schedules (or at least a plan for the first week while scheduling is being sorted)
  • Lunch planning needs to be sorted and should be running smoothly; food is important; the communal time is important
  • Two to three weeks of lesson plans that can be executed with the resources from the previous year
  • Buddies for new staff, with a simple schedule to keep them connected and interacting
  • Short meetings scheduled to touch base on facilities issues; administrators should take the issues down and get everyone back to work
  • If the technology is being unreliable, remove layers of complexity, and simply give people access to the internet; new management protocols and summer updates can take weeks to sort out
  • Keep students connecting socially, and offline; build community first and the curriculum will be easier to deliver

Consider Staying Offline for a Few Days

For students under USA grade level 3, I would keep them offline for 2-3 weeks. Focus on social interactivity, building a relationship with their teachers, and learning how everything works within the learning environment.

For students in who are USA grade levels 3 -5 and middle school grades 6-8, I would keep them offline for at least a week. I would make sure they do a full review of the school’s AUP and Digital Citizenship program.

High school students in USA grade levels 12 and 11 should be the main focus of IT for the first two days of school. Grades 9-10 can wait. Once the upper grade technology is sorted, move down to 9-10. Remember, high school students are flexible, and they can meet IT for support in varying intervals. High school should be all online within the first four days of school.

The Big Bang is Not Good for Stress

The Big Bang Implementation Approach  (big bang), is something schools tend to do annually. Basically, they try to do everything for everyone at once. For example, connecting all BYOD devices K-12 in one day. Think about who needs access, and when they need it. Consider the curriculum. What percentage of a grade level’s content is only available with a device in hand? Do the higher percentages first, and the rest later following a steady pace.

Communicate the planning to everyone. Take a breath. And keep the school start steady, positive, and peaceful.

Finally – displays are moving in the right direction

I’m not a fan of interactive whiteboards. My opinions on interactive whiteboards have not changed. Basically I felt that it forced teachers to change how they taught in order to use the technology. I always felt that a teacher should use it as a way to enhance how they teach not force them to change.

Then I saw the Google Jamboard and thought YES! This is something that gets out of your way and lets you work. Then I used the Google Jamboard and it felt like a dream that was interrupted with a fire alarm going off next to your ear. It is a good idea but not quite finished. That on top of its ridiculous price and tiny display made it less realistic for just about anybody – regardless of budget.

Despite this I still felt hopeful. I felt that finally we getting into an interactive panel that lets teachers mirror their display, allow for annotations and white-boarding and do all this fairly fluidly without tapping the board a hundred times just to get to a map of the world (I’m looking at you Promethean).

Last week I attended a demo of a new display hitting the US market in early Spring. I won’t divulge the company or the model of the display because I’m not here to shill for them. The demo had two representatives from the company. A regional sales rep (that you would expect) and then a representative from the development team. This person apparently helps to oversee the software and the hardware implementation and how the two work with each other. This is not something you see. He was there to gather feedback and to take it back to the team. Apparently at an early demo, someone had asked for a way that the interactive display could support multiple accounts. Within 8 months they had that feature and pushed it out to older boards as a firmware update. Impressive

Attending the demo with me was a science teacher, an IT director for a larger public school system, an IT director for a division of a university and an administrator of an engineering firm. A Pretty diverse group all in all. Each had their own budgets and needs and that came out in the questioning.

The physical screen

The screen itself was quite similar to what you see on the market right now. 60–80+ inches, 4K, can be mounted on a trolley or mounted to a wall and are quite sturdy. It also has a stripped down version of Android and has lots of inputs to connect your device or another peripheral. Pretty standard features really.

In fact, the reps both said that many of the panels are all made at the same factory and then the individual companies wrap their own case, add their own software to help make their “product” stand out. So when if you’re deciding what screen your school should buy based on its appearance good luck.

Using it

Then we got to what the screen can do. Basically you can connect your computer to the screen and mirror your display or extend it and then quickly annotate on it with just a quick gesture touch on the screen. You can then save that as a screenshot or you can actually record a video of what is happening while you are working.

Thank goodness it is simple.

You can sign in to your Google Drive or your Office 365 account and so when you (a teacher) sign into the board, your cloud storage is right there at your fingertip.

Thank goodness that is simple.

You can easily bring up a whiteboard to collaborate on and you can use your finger or a passive pen (a pen without a battery) to write and multiple people can write at the same time. Again the whiteboard can be saved or recorded as people work on in.

Nice and simple.

Android messiness

As I mentioned before the board runs a stripped down Android OS. The problem with this is that there is no Google Play store meaning that you cannot easily download and install apps of your choice. You side-load an app into the board but there is not guarantee that the app will run or run properly. The representatives commented that this panel cannot run Google Play Services (no specific reason was given) because they do not meet some Google requirements. If you know what this may be please let me know in the comments.

This can limit the functionality of the board and certainly can cause issues when trying to expand its functionality. Also this is not the most intuitive or easy process for most teachers to undertake and then there are no guarantees that these apps will not crash or cause problems with the OS which may cause issues with the basic functioning of the board itself.

Wrapping up

Basic usability has come a long way from the Promethean and SmartBoards of 2010 and that is a very good thing. Now that there are a lot more companies offering a variety of options from the uber expensive Microsoft Hub to the more affordable lesser known brands such as ViewSonic.

Now these items are far more expensive than projectors but their portability, meaningful interactive features and longevity make it an appealing option for schools. We are looking at one to use in our library which will give more flexibility when dealing with a single class, small group or a large group.

The Accidental BYOD Solution

byod2

By: Tony DePrato | Follow me on Twitter @tdeprato

After reading Patrick’s recent post about iPads and Chromebooks, I decided to wrap-up an article that follows along those same lines.

The problem is, right now, (and how do I put this) our options for EdTech SUCK!

In 2008, I would have said Apple is the best solution for any school or family that could afford the platform. Then Apple started to change. I think it could be argued, they quietly have abandoned the education market.
rings

iPads are awful devices. Aside from oddly developed apps like Swift Playgrounds, iPad learning falls into two categories:

  1. Consumer Consumption
  2. Make it the way the App Says

There is no ability for students to go beyond the rules of the iPad, to change the rules of the iPad, or to create anything that was not predicted.

Microsoft has made amazing strides recently, and I do like their products. Not laptops running Windows. Specifically, I like Microsoft products such as the Surface.  However, the Surface products are too expensive, and there is still massive security issues involved in running Microsoft products. The Microsoft hardware does not reflect the actual cost of ownership, when much of that cost is used for defending the organizational ecosystem.

The rest of the market is too fragmented to build a stable platform. Unless a school directs students to only by a specific make a model every year (and every year it will change) there is no hope to establish a level playing field with BYOD students.

But. Maybe there is hope. An unplanned, and possibly accidental partnership. Chromebook + Amazon.

Google has been a big education player for some time. Overall, their services and branded hardware are dependable and flexible. The hardware changes often, but the Chrome OS is consistent.

Chrome OS is a solution for any school that has reliable internet access. Therefore, Chromebooks make a great hardware platform for such schools. Chromebooks have some reasonable opposition among many EdTech leaders:

  1. The platform cannot run powerful applications like Photoshop, Video Editing Packages, Etc.
  2. The platform is slow when working outside the core Google products
  3. Chromebooks have one official browser, and are not fully compatible with all websites/applications
  4. Although it is possible to code and create software on a Chromebook, the development options are lacking those of a traditional laptop (This is important for schools developing computer science and/or app development curricula.)

What if these four issues, were eliminated? Would the Chromebook be a better choice for most BYOD families or for schools buying hardware for students?

Enter Amazon Workspaces.

I tested Amazon Windows 10 Workspaces last year. I liked the experience, but had no reason to use the service. However, it occurred to me if Amazon Workspaces supported Chrome OS, then I could create a flexible platform for BYOD that used Chromebooks.

Guess what? There is a Workspaces Client and App for Chrome OS.

512nmkgumll

I have tested this platform for 6 weeks now using the new Samsung Chromebook and an Apple Laptop. I wanted to compare the performance of the Workspace’s Client service on two hardware platforms. Here is what I have found:

All four issues above were resolved. I even installed Photoshop and used it at the office.

Google + Amazon is a great concept for BYOD for education. The problem is, no one at Google or Amazon has realized it yet. This means the concept is not easy to implement at scale.

Although Chrome OS is free, Workspaces is not free. They do have a very affordable educational package. However, the entire process of getting signed-up, and calculating the price, is very convoluted. Amazon for Business is mature. Amazon for education seems like a discount coupon, not a well directed initiative.

The next issue is setting up management for the Workspaces. The cost of doing this at scale is currently not clear. The cost is clear online, but the actual bills do not match the flat rates. I constantly ask for my costs to be explained. I send scenarios to people at Amazon to get pricing, and then I wait for the bill. The bill never matches the predictions.

This is only part one of this research and possible new BYOD model. I am close to having what I would consider an affordable and reasonable deployment model for Workspaces with Chromebooks.

Keep in mind with Amazon you pay for what you use. Imagine having the ability to enable 60 Workspaces for one semester for students doing an Introduction to Graphic Design. Then paying only for a limited number of licenses for all the software. After the semester, students who are keen to grow and develop their skills retain access, those who want to move onto a new topic lose their access.

How many schools pay for a campus level license for Adobe Creative Cloud, yet only use a fraction of the licenses in any concurrent period?

How many schools give all students a license for Windows 10, just in case they take one or two courses where Windows is required for the curriculum?

If this concept can become reasonable and predictable, then we get much closer to the goal of being able to create equal access and opportunity without over burdening families and budgets.

Part two of this topic is pending until July, when I receive my next bill.

The future of smartphones and teachers

I normally don’t talk about phones and which one is better than the others on IT Babble. I’ve certainly got my opinions but I am intrigued with the Galaxy S9. No, not its camera or Bixby or it display. I’m interested in the Samsung DeX. This device connects your Samsung phone (yes it must be a specific Samsung phone) to a monitor and it then turns your smartphone into a desktop computing “experience”.

OK, OK, OK I understand that this desktop “experience” is just a blown up version of Android with some navigation buttons at the bottom and support for a mouse and external keyboard. It doesn’t make Word more powerful or better in this environment. It just gives you more real estate and better interactive tools. The Samsung DeX is not the only product like this out there.

Enter Remix OS for Mobile. This does pretty much the same thing as the DeX. jide is the company that makes Remix and they have some other neat products out there as well – check them out.

This gets me thinking. Will the smartphone be your only computing experience. Maybe you dock it with your desk to give yourself more features, more real estate and a better working experience than tapping at your screen.

This isn’t such a crazy notion. A number of technology blogs suspect this such as The Verge and I’ve certainly heard this rumor more than once in TWiT and in other tech circles. Let’s not forget Windows has a Universal Windows Platform. This means no matter the screen size – the app will run and resize accordingly. So what does this all mean?

I have no idea except if all I had to carry was my smartphone to work that would be awesome. The problem with that is I cannot work on my smartphone alone. Systems I need to interact with are too complex and large for simple tapping on a 4“–6” screen. It just doesn’t work. Photoshop is a good litmus test. Can a phone run a full version of Photoshop? No – then you are probably making sacrifices and compromises and some jobs just can’t make those sacrifices.

However, if (this is a big if) they can get a smartphone to do run these applications. If they can easily, seamlessly and reliably dock to a work station and give you a true laptop or desktop experience then yes – I would do this. As for docking a wireless option would obviously be better. Simply place your smartphone in particular part of your desk or on a monitor base. I like this Microsoft video of how the future will be. It gives a crazy example of how this might work

Of course there are down sides here too. Already smartphones are viewed by many educators as a major distraction, a source of extra anxiety and a possible source of addiction. Making the smartphone even more powerful and even more important than it already is would only amplify these arguments even more.

Despite that – this does look like the path we are going down. What do you think? Am I way off base here?