Author Archives: pappp

Article note: Even CollegeBoard isn't enough of a control freak to believe in remote proctoring, and is re-developing the at-home AP exams for open-note reality. Take note, y'all.

Article note: "We decided we wanted to pay for the runtime overhead of a dynamically typed language, and the programmer up-front effort of a statically typed language, but without getting all the benefits of static typing."

Article note: Oooh. It may be partly all the people who are no longer pooping on company time with company institutional-grade TP causing a market ripple. Interesting. That makes sense.

Article note: I installed an under-seat bidet in my apartment a couple years ago and I'm never going back.

Article note: Touchscreens have always been a UX disaster, at least we're finally having to admit it and change course because touchscreen suck is _literally killing people_ in cars (and Naval controls the US DOD got taken on).

Article note: Eeeh. Not _that_ bad, it's a MITM on the package system because HTTP transport and Checksums was fine in past decades and grossly inadequate now.

Enlarge (credit: OpenWRT)

For almost three years, OpenWRT—the open source operating system that powers home routers and other types of embedded systems—has been vulnerable to remote code-execution attacks because updates were delivered over an unencrypted channel and digital signature verifications are easy to bypass, a researcher said.

OpenWRT has a loyal base of users who use the freely available package as an alternative to the firmware that comes installed on their devices. Besides routers, OpenWRT runs on smartphones, pocket computers and even laptops and desktop PCs. Users generally find OpenWRT to be a more secure choice because it offers advanced functions and its source code is easy to audit.

Security researcher Guido Vranken, however, recently found that updates and installation files were delivered over unencrypted HTTPs connections, which are open to attacks that allow adversaries to completely replace legitimate updates with malicious ones. The researcher also found that it was trivial for attackers with moderate experience to bypass digital-signature checks that verify a downloaded update as the legitimate one offered by OpenWTR maintainers. The combination of those two lapses makes it possible to send a malicious update that vulnerable devices will automatically install.

Article note: Zoom, like so many pieces of technology, is a total shit show that got thrust into widespread use when it was _entirely_ unprepared, and it's the modern era tech so a lot of the lack of shit-together is valley-bro data safety hubris. I'm pretty impressed that it's holding up as well as it has technically, and glad they're getting held accountable for policy.

Enlarge / Zoom's San Jose, Calif., headquarters looks like a lovely place to be socially distanced from. (credit: Smith Collection | Gado | Getty Images)

We have several more weeks, if not several more months, to go in this sudden era of Everything from Home. Work from home, school from home, funerals from home, church from home, happy hour from home—you name it, and we as a society are trying as best as we can to pull it off remotely. Tech use as a result is up all over, but arguably the biggest winner to date of the "Oh, crap, where's my webcam" age is videoconferencing platform Zoom.

Zoom's ease of use, feature base, and free service tier have made it a go-to resource not only for all those office meetings that used to happen in conference rooms but also for teachers, religious services, and even governments. The widespread use, in turn, is shining a bright spotlight on Zoom's privacy and data-collection practices, which apparently leave much to be desired.

The challenge is particularly pronounced in the health care and education sectors: Zoom does offer specific enterprise-level packages—Zoom for Education and Zoom for Healthcare—that have compliance with privacy law (FERPA and HIPAA, respectively) baked in. Many users in those fields, however, may be on the free tier or using individual or other types of enterprise licenses that don't take these particular needs into consideration.

Article note: My own thoughts from the initial effort: - Trying to do all-asynchronous or (much, much worse) all synchronous is a fools errand. You're gonna have to do mixed mode, with some consume-at-leisure delivery and some interactive Q&A time. - You need a document camera, the digital whiteboard things don't cut it. Improvise one if you have to. - Most students aren't as auto-didactic as we'd like to imagine, just like always. Design accordingly. - Make sure you and your students do their best to carve out "work time and place" - Accommodate where you can; your students have access limitations. They have little siblings or children borrowing their computers for their own classes. They have flaky connections. At the same time, hold the line on demonstrating competence. - Spyware "anti cheat" gadgets are harmful bullshit with differential inconvenience, design to deal with the fact that students will be getting reference material and communicating instead of wasting your time trying to stop them.

Enlarge / A virtual classroom setup. (credit: Chris Lee)

"Remote teaching sucks. It's yucky, and it is not the future of education."

Thus spake my wife, a high school English teacher with many years of experience. And she's right. I teach at a university, and we have also moved to virtual lessons in the face of COVID-19. Even before the current crisis, I already made extensive use of digital tools in the classroom. However, virtual lessons are a poor substitute for actual in-person instruction. Let me take you on a tour of a future that we all should be trying to avoid. (It isn't all doom and gloom, though; we've discovered some hidden treasures as well.)

The problem is that teaching is an intimate activity: students give up a certain degree of control to the teacher and trust that person to help them master some new topic. It doesn't matter how big the class, that intimacy is unchanged for the teacher. Teaching is personal. Yes, from the student's perspective, a one-on-one lesson is more personal than a lecture delivered to 500 students. But the anonymity and safety in large classes does not mean that teachers are not seeing and modifying their approach via instantaneous feedback from their classes.

Article note: It's a weird time to get around to it, but YES PLEASE. I would like to finally be able to order weird specialty boozes and cheap internet wine as a KY resident.