Password Security

Dear Colleagues,

A number of people have thanked me for my emails, and made a particular point about how they're saving all of them to a special folder to read 'later'. I know all about 'special folders' where you put things you don't have time to do right now, so I went back to my office and sobbed quietly to myself. The library was full of students, so it was a bit awkward.

Save if you like, but keep in mind that information streams from the inter-tubes much like water gently bubbles from a fire hose. Your email is likely searchable, I keep a slightly altered copy of these emails on a blog (http://teaching24-7.blogspot.com/), so keeping unread items in a folder to not read later isn't necessary - the information will be there (and if it isn't there Google will have 1.3 million hits of equivalent information).

With that in mind, I will endeavor to keep my emails down to only one or at most two items each. Quicker to skim to see if it's useful, and then pressing 'delete' if it isn't.

The first is a method to make keeping secure difficult-to-hack passwords easier to remember. I long ago lost count of the different number of sites I need a different password for. Remembering all this information is a challenge, and many people have come up strategies to meet this challenge. Using the same password on multiple sites, or 'class' of sites is one such method, using easy to remember passwords is another. I've seen passwords written on paper and stuck in drawers, and on the backs of monitors. Easy to remember passwords are also easier to guess (remember that unlike T.V. people don't guess passwords individually, they set up a computer to guess thousands of times per second using dictionaries and other common passwords). The difficulty with one password for all sites is the if one becomes compromised, they all do. It may not matter of someone hacks into your account for leaving comments on a blog, but if they can use that to get into your bank account, Facebook friends, or online email it's quite another. While someone posing as you could be embarrassing, it can also be used to ask your contacts to send you money - claiming to be stuck in a foreign country while traveling. With access to your email, it's trivial for a third party to determine when you might be out of country to make such a ploy possible. This doesn't even touch the severe and ongoing problems true identity theft can create. As a teacher, imagine if someone used your account to email all of your students inappropriate comments - I'd think I'd prefer my bank account being hacked instead.

It often seems, however, that I'm stuck in a catch-22. If I don't write a password down, I need it to be something I can remember, which means someone might be able to crack it. If I do make it complicated enough (i.e. minimum 8 characters of a mixture of letters, numbers, and/or symbols), then I need to write it down somewhere so that I can refer to it often - which opens up the possibility that someone would find my note.

The neatest solution I've seen to this problem in awhile is http://passwordcard.org/ . The website will generate a unique set of random numbers and digits that look like so:

And I know you're saying "Thanks Ron, just what I needed - another set of incomprehensible letters and numbers".

The usefulness of the card is that the card itself allows one to meet the duel purpose of having passwords that are hard to crack by people 'out there', and have something that can be taped to your monitor, put in your wallet, etc, to refer to. As an example how it works, let's say you are going to use an 8-digit combination for your online bank password. Rather than memorizing a complex string, I remember "green happy face". Going down from the happy face symbol at the top, and the green line, my new password is "RVffH3y8" which is more than sufficient to meet security requirements, and difficult to hack.

Even better, I can print out this card, have it laminated, and put it in my wallet in case I forget the password. I can tape it to my computer, keep copies in my desk, etc. It doesn't matter if someone sees the card - there are literally thousands of combinations that are possible, running the combinations forwards, backwards,

up, down or any other easy-to-remember pattern:

I can use it and not even worry if someone is reading it over my shoulder, I lose my wallet, etc. I have the convenience of keeping my password written down when I need it, but without the added worry that it could be found and used by someone else. The website also gives the option to include a few rows of only numbers (for things like PINs) and can include symbols (just to take security up that extra notch).

As well, don't have the same security password for different purposes - the password I use for my blogs should be different from the password I use for my bank. The security of some websites varies in quality. I've even had one website directly email me my password when I successfully convinced them that I didn't remember it - if something is sent in a plain email then that password has been compromised, and was never secure to begin with. Websites with proper security and encryption would either reset your password and email you a random temporary one, or a link to reset your own password. If you can read it in your email, then you can assume anybody else between you and the servers could have read it too.

So I use the card to generate multiple passwords:

In this particular example I just remember "Green Happy face down" for RKbUzQL6, and "Red Umbrella Up" for FbtECqL9. Both are difficult to hack, but I can carry both with me at all times.

If this appeals to you, I'd recommend generating a unique version at http://passwordcard.org/ and then copying that picture and printing off several colour copies. Laminate one for your wallet, put another in your safe or file cabinet as a back up.

Passwords are your first, second, and last line of defense for your personal identity - if you spend a little time creating a secure system, you will have much less to worry about later on.

Regards,

Ron Neufeld

Canada's Best Boarding School

Google, Social Studies, & Twitter

Dear Colleagues,

Given the short supply of that most precious of all resources (time), I will start with a summary of links to tools and discussion items for those that would like to explore without reading through the explanations and context that I've embedded them with.

1. Searching within a domain such as education (.edu) or government (.gov) - using the "site:" search function.
2. Using Google for definitions.
3. Google Scholar
4. Blog - Free Technology for Teachers
5. Google Earth
6. World War Battle sites for Google Earth
7. CBC Archives
8. Searching Canadian government sites with site:gc.ca
9.  Demonstrating scale.
10. Teaching About Web Includes Troublesome Parts
11.  Oh my! Twitter makes history for Google search
12.  Library of Congress archiving Twitter
13. Google making Twitter searchable
14. Twitter sign-up

I was recently reminded of the importance of proper searching in Google. As I move through the day with my CDS (Caffeine Delivery System), occasionally a student will make the mistake of trying to claim that aspartame is dangerous, on the basis of some Cquestionable website that informed them that aspartame is a 'chemical' and there exists a vast conspiracy to hide its toxic effects.
The problem is that when students (and of course I) search with something like Google, the most common way to use it is with simple search terms, i.e. "aspartame toxicity". The first page to pop up after such a simple search is one selling a book, and is a well-known contributor to conspiracy theories about aspartame toxicity. When distinguishing between fact and fiction, the most popular sites given by a simple search are often the least reliable.

Alan November mentioned using the "site:" command on Google to help eliminate unreliable search results. For example typing "site:.gov OR site:.edu aspartame" selects only websites that contain the word "aspartame" from either U.S. government sites (such as the U.S. National Institutes of Health) and educational sites from universities and schools (also in the U.S. - Canadian universities don't have a similar URL that can be used as a search criteria). The results give a completely different picture of aspartame. One the first page there is a link to the chemical formula and its history, several sites mentioning, and then debunking, the aspartame conspiracy/toxicity myth. Since using this method removes the .com's, the .net's and the .org's - all of which can be bought by anybody, for any reason. Lots of good sites are removed as well, but using this as a 'first search' for students helps pinpoint the reliable information first, before going to a more general search. Since students are inevitably getting a lot of their information through such searches, teaching such search techniques is essential to help students learn the difference between credible and non-credible information on the world wide web. This search example uses the "OR" command, which means it retrieves resources from either government or education sites - for a narrower search (such as only searching educational site) the "OR" command and the other search criteria can be omitted.

Google has a lot of useful methods to distinguish and refine the information you're looking for. In Biology 12 class some students forgot their textbooks and needed definitions while working on a worksheet. Rather than retrieving their textbook, they used the "define:" command in Google. Typing "define: androgens" returns a list of possible definitions from multiple sources - a quick read reveals to the student that this is a general term referring to male steroid sex hormones. I think I prefer this method over the "The Textbook" - it exposes them to multiple definitions, different nuances, and ensures they know it's the concept, and not the exact sequence of words, that's important.

In the same class a comment arose about sugar intake in children and its positive correlation to hyperactivity - a belief long held by teachers and tired parents everywhere. Rather than using the previously mentioned "site:" command, we checked directly using "Google Scholar". Typing "sugar behavior children" into Google Scholar immediately returns relevant results, with the most recent studies first. The first link is a meta-study debunking the sugar-hyperactivity myth. Of course not all students are trained to know the difference between good studies and bad studies, double-blind and proper controls, but at least with this search they're in the right ballpark for seeking truth, even if they end up in left field somewhere. Compared with a general Google search for "sugar behavior children", which does have both good and bad results on the first page, but the very first result is an author selling a book and a disease model of 'sugar sensitivity' to worried parents. Google Scholar is an excellent resource for any teacher, and a particularly important one to train our students to use in this information dense world.

Free Technology for Teachers is a great blog to follow for useful technology resources for the classroom regardless of your subject area, but one of the latest posts has a lot of resources for Social Studies teachers : 12 Resources All Social Studies Teachers Should Try .  One of the suggestions is using Google Earth to explore places and settings for historical settings - I'd seen examples of that before but I didn't know Google Earth has the capability to put an overlay of a battle, building, or historical map. I spent a bit of time following links and ended up exploring Dachau for too long.

I'll let you explore the blog yourself, but if you're just interested in Google Earth you can download and install Google Earth here : http://earth.google.com/intl/en/download-earth-advanced.html , and you can download world war battle sites here : http://www.gearthhacks.com/userfiles.php?user=1698 .

Another resource that makes me think of Social Studies is the CBC archives : http://archives.cbc.ca/ . They have a teacher section ( http://archives.cbc.ca/for_teachers/ ). Keeping with the world war theme, I listened to a radio broadcast from April 7, 1945, a Canadian reporter gives an account of the atrocities from a camp Canadian troops captured the day before.

Pausing before a brick wall splattered with blood and brains, the CBC's Matthew Halton tells Canadians back home about the atrocities committed by the Nazis. A day after Canadian troops capture a Nazi camp near Zutphen, Netherlands, Halton visits the site. He describes a trail of "slime and abominable crime," reporting that the worst thing you've ever read in any account of Nazi atrocities was there: "I saw and I was sick."

Serendipitously four other possible Social Studies sites were tweeted in the past week. The history site for Veterans Affairs Canada (http://www.vac-acc.gc.ca/remembers/sub.cfm?source=history), the history of federal ridings (http://www2.parl.gc.ca/Sites/LOP/HFER/HFER.asp) the Canadian Military History gateway (http://www.cmhg-phmc.gc.ca/html/index-eng.asp) and the Aboriginal Canada Portal (http://www.aboriginalcanada.gc.ca/acp/site.nsf/eng/ao04588.html). All are great resources, but similarly to the first topic I notice that the Canadian government seems to have settled on a site URL: ".gc.ca".
This brings up the possibility of directing students to include searches that specifically search the Canadian government's website for information using the "site:gc.ca" command on Google.

For example, what reliable information does our government provide on the Vietnam war? Google search site:.gc.ca vietnam war . I've found both the Canadian and American government site searches (.gc.ca & .gov respectively) give a lot of excellent scholarly and reliable information for students.

I couldn't leave without at least one technology tool devoted to science: http://learn.genetics.utah.edu/content/begin/cells/scale/. This is a wonderful flash demonstration showing relative sizes from a coffee bean to a carbon atom - scale is hard to grasp and this little tool does a great job of getting it across. Thanks to "A" in Bio12 for bringing it to my attention.

A NYT article titled "Teaching About Web Includes Troublesome Parts", and a blog article "Oh my! Twitter makes history for Google search" commenting on the fact that the Library of Congress is going to archive every public Twitter comment made, right back to its inception in 2006, and Google is also going to make all comments searchable. As an archive for history and posterity, there is a wealth of data.

I remember when it was announced that ice was found on Mars. How was this news first announced? TV, Newspaper, or blog? None of the above - it was tweeted from the Twitter account of the Mars Phoenix Lander directly (sadly, the little guy seems to have died). From breaking news to marriage proposals, our collective Tweets are being saved for posterity. (And if you're not on Twitter why not start now?).
Regards,

Ron Neufeld

Canada's Best Boarding School

JayCut, Margaret Atwood still alive, and some crazy

Dear Colleagues,

First a new tool for student video projects, Margaret Atwood, science / math video links, and some news stories.

The neat new tool is JayCut, a free online video editor that offers the ability to export the videos to YouTube or download directly in different formats. I have found video projects, particularly screencasting, to be a useful addition to the regular types of projects I assign. Not only are students picking up some valuable secondary technology skills, but I often find that students who have have to show that they understand a topic via video understand it better than those that just write about it. The difficulties with plagiarism and students copying the work of other students is also discouraged quite naturally - if you're forced to explain a concept with your own voice and in your own words it doesn't really matter if you got the information from your textbook or another student - you still have to learn it.

How does something like JayCut help? One of the significant difficulties I have with projects that are based on a technology is my own ignorance when facing the multiple different editors and laptops that students bring to class. Windows comes with its own video editing software, and so do Macs. I could force the students all to use Windows Movie Maker, software that's installed on the school computers, but that would punish those students with Macs as their ability to work on the project during prep would be limited. Something like JayCut gives everyone, from teacher to student, a common platform to work and edit their projects. Students could even share an account to collaborate during prep or otherwise separated by time and space. For trouble-shooting it also gives the teacher a common platform to become familiar with. Now if a student has problems using a unique video editing program, I tell them to put it into JayCut and I'll help them from there. There are some limitations, such as a maximum video length of 30minutes. Oh, and speaking of Macs, here's a completely unrelated vid on how to make an iPad float. Now, I need to convince my dept. head that an iPad is essential for my classroom and charge it to the science department....

In terms of building a PLN, I noticed that Margaret Atwood has become One Of Us; she's on Twitter. There's a recent article "How I learned to love Twitter" which helps explain how being part of Twitter is about being part of and developing a community. I remember reading Margaret Atwood when I was in school. At the time I thought she was one of those dead Canadian authors. Apparently I was wrong. The ability to observe (and possibly interact with) the authors of books under discussion seems an intriguing development, completely aside from Twitter's value as pro-d resource.

For those in Math or Science I would recommend checking out Khan Academy; a comprehensive set of YouTube videos on Math, Chemistry, Physics, Biology, arranged by topic. (The vision of the author is to provide high quality educational instruction anywhere in the world, for free.)

Lastly, some newsyish items that are related to education and to technology. (By technology, I mean I read about it online and it caught my outrage long enough to pay attention. That's a significant selection bias.)

A student in Mississippi (Constance McMillen of Itawamba Agricultural High School) wished to take her date to the prom, but there was a little snag. Her date was of the same gender, which was against school policy. This request was denied, and Constance was also told that if they arrived separately but danced together they'd be thrown out. Oh, and girls aren't allowed to wear tuxedo's either. You can check out the story here, and a Facebook fan page here. But wait! It doesn't end there. Apparently, feeling pressure afterwards, the school did decide to hold the prom. Except that it is looking like it was a decoy prom, that only Constance and a few other (presumably also less popular) students were invited to, while the 'real prom' was held somewhere else. It's not confirmed that the school officials were involved in the deception...but knowing what's involved in planning any event with students it would be difficult to defend the position that they did not. And the historical parallels alone...

Secondly item - I made the mistake of going to Fox News 'health' section (in my defense I found that the health section of USA Today was blocked by our proxy, and I wanted to check if it was all news sites, or just some), and I found this: Sex Education Could Mean Charges for Teachers. The logic is thus: teaching about contraception encourages sex, minors are not allowed to have sex, therefore teachers who teach about contraception are guilty of sexual assault. This is the opinion of a district attorney. Really really.

Regards,

Ron Neufeld
Canada's Best Boarding School

Spying, Did You Know, Blogging, TED and PLN

Dear Colleagues,

You've probably already heard about the school that's facing some criticism for spying on its students while they were in the privacy of their own home. If you hadn't, apparently they embedded the ability into the students' laptop to turn the webcam on and off remotely - http://education.change.org/blog/view/school_uses_laptops_to_peer_into_students_bedrooms.

A new "Did You Know 4.0" for Sept 2009 (numbers and references are to the U.S.) - http://www.youtube.com/watch?v=6ILQrUrEWe8, as well there is "An Open Letter to Educators" from YouTube - A rant about institutionalized education that's been pinging around the blogosphere - http://www.youtube.com/watch?v=-P2PGGeTOA4 .

For those of you with an iPhone or iPod Touch - Top educational apps for iPhone / iPod Touch - http://www.speedofcreativity.org/2010/03/01/top-10-education-apps-for-ipod-touch-and-iphone/ .

An article on why teachers should blog - http://teachpaperless.blogspot.com/2009/09/why-teachers-should-blog.html. I would add that it indirectly presents an excellent case of why students should blog as well, and the last article is "Is Internet access a civil right" - http://teachpaperless.blogspot.com/2010/02/yes-internet-access-is-civil-right.html.

For a 'last resource', a video from TED. If you have not, as a teacher, investigated TED, you should. TED is a small nonprofit devoted to "Ideas Worth Spreading", and invites interesting speakers to conferences and makes these speeches available online. The topics and ideas may be controversial, but always thought provoking and interesting. My latest favorite directly addresses the interplay of science and ethics and defends the idea of objective moral standards - http://www.ted.com/talks/sam_harris_science_can_show_what_s_right.html - worth the 23min.

If your classes include any kind of philosophy or discussion component, check out TED if you haven't already.

Of course, I suspect the indirect conclusion at least some people will take from this email is "Ron either has far too much time or should probably should stop wasting his time on the Internet". That's probably true, but then this email wouldn't have a point, so I'll ignore it. The key point I would like to make is that I did not spend any time 'hunting' for the TED video on ethics, or any time searching for interesting blog articles to post in this email. Each of these emails is a demonstration of the power of a PLN, or Personal Learning Network. Rather than using a search engine such as Google to find resources, a good PLN brings filtered resources to you directly. There is so much content produced every hour, let alone every day, that despite Google's best efforts often good resources slip by, but at the same time actually spending time searching for these resources would be a relatively inefficient expenditure of time.

If it wasn't for a PLN I wouldn't have known to search for "Sam Harris Morality Ethics" on Google to even find his talk, and there's no guarantee that even if I did that it would be within the first few search pages.

Although searching, and knowing how to search, is still a useful skill for seeking specific resources, a PLN leverages serendipity. There are a lot of people spending a small amount of time talking about their passions, whether that's on their blog, or Twitter, or YouTube channel. Once you do find someone that knows what they are talking about (for me that tends to be teachers, scientists, and authors) there are a variety of ways to add them to your PLN. In many cases this can be subscribing to their blog, Twitter feed, or equivalent, and getting an email when they post something new. Since you already have determined they provide quality content, this provides a resource that's often more efficient than searching through the mounds of irrelevancy present in a search engine. As a system, since pushes sources you've selected directly, it can be used, saved, or ignored.

Even email, however, can become unwieldy. I follow 75 separate blogs, 53 people on Twitter, and 80 video uploaders on YouTube. Even with email notifications, this quickly becomes unworkable - there's no way I can keep up with every post, nor do I want to. I want the PLN to work for me, and not against me in terms of my (usually insufficient) time.

To make sense of it all, many of these sources incorporate an "RSS feed". Rather than waiting for someone to load the website, the RSS feed allows people to pull the content to them, using a program or secondary website. The end result is that I don't read 75 separate blogs. I scan my feed reader (Google Reader in this case) for the current selection of new articles since the last time I scanned. Most I skip as either uninteresting, not useful to me personally, and only check out the few that apply to me. If I see a useful resource for next year I can bookmark it (Chem 11, Gas Laws, Funny), if I notice something for someone else I paste it into a draft email for staff. It provides new ideas and resources every day, tailored to my interests, but incorporates the possibility I'll encounter something I'd never have thought of. The best part is that beyond discovering the resources in the first place, I don't actually have to do anything. I have it set up to load as my homepage when I start Fire Fox, so if there is anything interesting, I'll see it eventually. A little bit of useful Pro-D every day, rather than a few days at a conference once a year where I don't have a chance to preview the content, has been the most efficient Pro-D I've ever experienced.

I won't get into the specifics of setting up a feed reader, creating a PLN, or the details of RSS feeds (although I will in the future). If you're interested, there is loads of information online for the self-starters. If you'd like to have a look at setting up a simple PLN, or just following a few blogs, please come and have a chat. It's quite easy to do, and can be made to be very unobtrusive. I'm in the library again this week :)

Regards,

Ron