Skip to content

Wayne State University

Aim Higher

Jun 27 / Geoffrey Nathan

Replace Pipeline with Academica in your Bookmarks, soon

Pipeline is about to be replaced with a totally new, social-media-oriented website/portal called Academica. It is device-agnostic, which means it works with all computers, all tablets and most smartphones (something people have been requesting for almost as long as there have been smartphones).

It’s also smart itself. It remembers the tasks within the system that you use most, and bubbles them up to the front page so that most common tasks are always one click away. For example, if you’re a faculty member it will put Download Classlists and TravelWayne up front and center, but if you have to approve timesheets that link will be right there as well. In general most tasks should be no more than one, or at most two clicks away.

It also comes with a built-in messaging system that is similar in features to Twitter. It allows you to use hashtags (#hashtag) and mentions (@GeoffNathan). There will be streams associated with a number of common topics of discussion, as well as streams for departments and one for each class being taught.

Academica is still being developed (technically it’s in beta), but you’re welcome to try it right now. Just go to academica.wayne.edu and log in as usual. You will have the option to switch to exclusive use of Academica (instead of Pipeline), but there is always a button available to switch back to the old Pipeline interface if you need to.
Since it’s still under development, C&IT is looking for feedback, which you can send by writing to academica@wayne.edu, or by going to http://computing.wayne.edu/academicafeedback .

The official roll-out will be some time in the fall, but feel free to play with it now. Who knows, you may never want to switch back to Pipeline. Academica and Pipeline will both be available at first, but Pipeline will be shut down in the 2014-2015 academic year when we are confident that Academica can support all of our campus needs.

Here’s a preview of what the interface looks like, showing only the links part:

Academica Links Section

Jun 24 / Geoffrey Nathan

Comics make poignant comments on technological change

Last Thursday’s Free Press had two cute comments on the digital age divide:


Source


Source

Jun 11 / Geoffrey Nathan

Important Federal Court Decision on Online Book Search Engines

The 2nd Circuit Court released a decision today in a case involving the Hathi Trust, which has been scanning old books and making them available online for search purposes. Some author’s unions sought to prevent them from doing this on copyright grounds, but Hathi (and many supporters) argued that the open-source non-profit partner with Google Books was entitled under the ‘fair use’ provision of the Copyright Act to scan millions of books (including, particularly, ‘orphan’ books whose copyright was still valid, but whose authors were either long gone or unlocatable) and make the results searchable.. Hathi Trust is an invaluable tool for historical, linguistic and literary research because it means that millions of out-of-print books were accessible to the world of research.

This doesn’t mean you can now just read any book in their repository. You can’t. What you can do, however, is search for every instance of a word in the millions of books and get the surrounding context for each use (which is a gold mine for linguists), or find mentions of historical events or people (or political theories or scientific experiments) in millions of books scattered around the country.

The court’s conclusion was that making snippets available through searches, and making entire texts available to the visually impaired constituted fair use through the ‘transformative’ clause of the fair use clause (you can read all about it on the  WSU Library’s Copyright page).

Here are two news items on the court case:

Volokh Conspiracy (libertarian law school-oriented blog)

Inside Higher Ed

Jun 3 / Geoffrey Nathan

Phishing is getting better (and the pain is worse)

Recently a number of universities (including Wayne State) have been hit by a particularly vicious phishing trick. Faculty with relatively high salaries receive what look like official notifications to ‘verify’ their login details. If they click on the link in the email they are sent to university web pages that look very much like the standard login page (complete with appropriate wordmarks, layout etc.)  This kind of phishing is called ‘spearphishing’, because the attacks are not random, but carefully targeted, so the email message looked like it was directed to the addressee–it had their name in it, and perhaps their chair’s name, or the name of the VP for Administration. However, after they enter their credentials they eventually find that someone else has logged in and changed their direct deposit to a bank in another country. Often a pop-up bank (similar to a pop-up restaurant but not nearly as tasty). By the time the deception is discovered (usually when the victim notices that their real account never received the deposit) it’s too late.

All the universities that have had this happen have had to make good on the lost paychecks, and with lots of full professors getting caught that’s a lot of money the universities don’t have to spare. How can you resist getting sucked into these scams?

  • Never log in to a Wayne State account by clicking on a link in an email.
  • Always go directly to the appropriate website by typing its address into your browser (blackboard.wayne.edu, pipeline.wayne.edu, academica.wayne.edu).
  • Make sure that the address that shows in the browser once the page has ‘painted’ begins ‘https://…
  • Change your password immediately if you think you have fallen for one of these scams.

Here are some other universities that have been caught (so you can see we’re not outliers): https://oit.ncsu.edu/news-releases/look-out-for-phishing-email-targeting-your-direct-deposit http://www.bu.edu/today/2014/internet-scammers-change-some-bu-direct-deposit-accounts/ http://uis.georgetown.edu/page/1242745504502.html http://www.annarbor.com/news/university-of-michigan-spear-phishing/

Finally, our colleagues at U of M put together an excellent video about phishing which is worth watching (you can just ignore the hype about ‘Big Blue’ :-) )

http://safecomputing.umich.edu/main/phishing_alerts/spear-phish.php

May 1 / Geoffrey Nathan

Further thoughts on email in the cloud

A couple of months ago I wrote about a future Wayne State  email system based in the cloud. At the time we were considering Gmail and Microsoft’s Office 365. Since then we’ve pretty much settled on the Microsoft offering, although no formal decision has yet been made.

An alarming development at the University of Illinois Chicago about a month ago made many question the value of working with Google–an infected machine on the UIC network caused Google to block them from sending any email from UIC. This is something that occasionally happens (every now and then AOL or someone like that blocks Wayne State email for a day or so). What was alarming was that it took Google almost two weeks to unblock UIC’s mail, mostly because they were unable to get hold of anyone at Google. That certainly didn’t help Google’s reputation among universities.

Even more interesting is the fact that Google normally uses their customers’ data to tailor ads. You may have noticed that ads in your Gmail account sometimes reflect something you searched for in Google earlier in the week. This is not a coincidence–Google admits that they do this. When universities contracted with Google to use Gmail, they agreed to Google mining the email to target ads, even if the ads didn’t show up in the university-based email accounts.

Yesterday Google announced that they would no longer mine academic Gmail accounts. Apparently the drumbeat of the privacy advocates got a little too loud for them. I’ll be attending an academic computing privacy conference in DC next week–no doubt that will be one of the topics of conversation.

Apr 23 / Geoffrey Nathan

Maybe our students aren’t so savvy after all

And maybe we aren’t either.

An article in this week’s Chronicle suggests that we’re on shaky grounds if we assume our students know tons about how the Internet works and what that means for their (and our) future.

A couple of faculty  at Northwestern (Eszter Hargittai and Brayden King) teach a course called ‘Managing your Online Reputation’, where they encourage students to find out what the Internet knows about them and think about what it’s advertising to the world.

Their idea is that students should be encouraged not only not to post videos of stupid things they might have done, but also to think about posting (tweeting, instagramming, tumblr-ing) positive views about their skills, attainments, knowledge and capabilities in a way that the usual searches will turn up not only nothing bad, but rather some good stuff.

The course was based partly on research by one of the faculty (Hargittai) that showed that, contrary to what many of us believe, many students today know less about online life than most of us. For example,

about one-third of the survey respondents could not identify the correct description of the ‘bcc’ email function. More than one-quarter said they had not adjusted the privacy settings or content of social-media profiles for job-seeking purposes.

My experience has been that I have a few students who are really tech-savvy, a few who have no idea what they are doing, and the rest somewhere in between. And, of course,  being tech savvy is a moving target. I’ve been doing email since 1990, so I certainly understand how that works. But I only joined Instagram about a month ago, and Tumblr  a few weeks earlier than that, mostly to follow a nephew who’s traveling around the world and documenting it on Tumblr.

On the third hand, I actually understand what the Heartbleed vulnerability is exploiting (and I even understand what that last sentence means…).

Anyway, some food for thought.

And, for a contrary view, try this. And for an even more contrary view on brand-building, there’s this.

 

Apr 11 / Geoffrey Nathan

How to prevent your heart from bleeding

By now probably everyone has heard about the Heartbleed problem, but just in case you haven’t, here’s a quick summary. One of the programs1 that websites use to communicate securely with customers, called OpenSSL, turns out to have a vulnerability that would let bad guys snoop on traffic to and from those websites even though the data exchanged between them is supposed to be encrypted (as indicated by the icon of a closed padlock in the address bar, and https in the address itself).

The accidentally unlocked ‘door’ has been around for a while, and so there is a chance that your communications with Gmail, Facebook, tumblr and others have been snooped on. There is even a chance that your password has been swiped, and, of course, if you use the same password in various sites, any stolen password will work on all those sites.

What can you do? First of all, all your Wayne State data is safe–the WSU systems were not running OpenSSL, so they are all safe. The Wayne VPN is vulnerable, but the VPN itself was protected from external attacks in another way, so there is no risk there. But, of course, you have passwords on many other sites, and for some of those you should probably consider some password ‘maintenance’. Specifically, you should probably change those once a month for a while. I’ve already changed my Gmail and Dropbox passwords, and am working on several others.

The real takeaway from this event is that you should not reuse passwords from site to site. Of course, that’s easier to say than to do–most of us have dozens, if not hundreds of passwords, so some kind of password management device is becoming more and more necessary. I, myself, use Lastpass, which stores my passwords online (of course I use a unique, complex but rememberable password for that). It not only stores all my passwords, it even suggests complex non-memorable passwords. Since it will automatically fill them in for me I don’t need to remember them. If you don’t like having it fill things in automatically you can invoke it (there’s a plug-in for every popular web browser), display the password and copy it into the relevant website as you log in.

Note that I have no connection with Lastpass, and there are other worthy competitors such as Keepass and Roboform. You can read a review of them here

Lastpass has an interactive form you can use to see whether your favorite websites have been protected. You can find that here.

If you are interested in the technical details on how Heartbleed works you can watch this video , which lasts about 8 minutes. It’s not horribly abstruse–if you kinda know how websites communicate with your computer you can follow it.

Mashable  has a good summary of which websites you need to worry about.

One final thought. NEVER send your password to anyone for any reason through email. And, in fact, if an email tells you to change your password, if you think it actually is authentic, don’t follow a link in the email to change it. Instead, use a bookmark, or type in the web address yourself, so that you know you are changing the password in the right place, and not in a rogue server in Tuvalu.

———-

1 I know that calling it a ‘program’ oversimplifies things, but this characterization will suffice for our purposes.

Feb 24 / Geoffrey Nathan

The comics and other famous people discuss the NSA’s surveillance programs

In the past weeks, Pearls Before Swine and Dogs of C-Kennel commented on the NSA surveillance program. These comics run in the Free Press (and elsewhere, of course).

Pearls Before Swine

Pearls Before Swine Comic 1

Pearls Before Swine Comic 2

Pearls Before Swine Comic 3

Dogs of C-Kennel

Dogs of C-Kennel

 

On Friday The Guardian, which has been hosting most of the significant revelations about NSA surveillance, has a series of think pieces on the topic, including one written by Edward Snowden himself, as well as one by Tom Stoppard (!):

http://www.theguardian.com/books/2014/feb/21/on-liberty-edward-snowden-freedom

And finally, this morning, on CNN, Bruce Schneier, the inventor of the term ‘security theater’ proposes a new future for the NSA. He points out that some of the NSA’s activities actually make us all less safe. Schneier spoke on campus a number of years ago and his writings on security, both electronic and physical have had a major influence on my understanding of security theory.

http://cnn.it/1gvXzLR

Feb 12 / Geoffrey Nathan

Is it time for your email to have its head in the cloud?

C&IT has used the Zimbra email system (branded as Wayne Connect) for a number of years now, and is looking at other cloud-based alternative systems. Across the country a number of universities have adopted Google Apps for Education as their email system1, and others have settled on Microsoft’s Office 365 Education suite2.

These products enable universities to provide ad-free, University-branded email accounts hosted and maintained by Google or Microsoft. The interface would be similar to either Gmail (Google’s popular email service) or Outlook.com (Microsoft’s webmail answer to Gmail). I’d be interested in hearing from folks who use one or the other about your experience with them and any preferences you might have. Note that Outlook.com is not the same as Outlook on your desktop – Microsoft simply wants consistent branding. Both Gmail and Outlook.com can be synced with Outlook on your desktop if you are used to that kind of setup.
Adding to the mix, both of these solutions will include collaborative document editing, and if you have used either company’s tools (Google Docs or Office Web Apps), thoughts about those would be useful too.
Please use the comments section below, or feel free to email me directly if you would prefer not to share your thoughts with others.

——————–

This includes the University of Minnesota, UCLA, Brandeis, Rutgers, Maryland and the little college down the road in Ann Arbor.

2 Universities using Office 365 include Duke, Emory, Iowa and University of Washington.

Jan 27 / Geoffrey Nathan

Attend a Live Webinar This Thursday on Internet Privacy

Speaker: Robert Ellis Smith, privacy expert and publisher of Privacy Journal

Date: January 30, 2014

Time: 1-2 p.m. ET

Location: TRC located in the Purdy/Kresge Library

Join me as I host a a free, hour-long nationally broadcast webinar, “Location, Location, Location.” Two contradictory federal court decisions in 1979 and in December 2013 focus on whether the National Security Agency’s massive data collection program is constitutional. The NSA argues that their actions are legal because they do not probe into the content of phone calls, only the digits dialed to and from a phone. A 1979 U.S. Supreme Court opinion held that collecting data on dialed phone numbers, but not acquiring the content of the calls does not require a prior court order.

Today that decision does not make sense. The extent to which many people rely on their phones means dialing information establishes patterns of personal relationships and can reveal private interests, needs, and even our locations. This information can include employment or credit information, and can be far more sensitive than our commonly disclosed medical and financial records. It has the potential to be every bit as revealing and damaging as the content of our conversations.

Everyone who is exposed to this new technology must recognize this new reality. The principles of fair information practice do not fit this important change in sensitivity. And, of course, the new reality may change again in an instant. This is an example of how learning the historical development of privacy concerns helps us focus our efforts on what is most important today, not on concerns of the last century.

Light refreshments will be provided.

If there is sufficient interest a discussion will follow, or a further local forum will be arranged.