
Democracy just got easier!

Posted by gpage on Feb 2, 2010 in FREE, Lesson Plans and classroom helpers, Uncategorized, Web 2.0

That is the tag line or motto on the web site BallotBin (www.ballotbin.com). I discovered this wonderful site recently when I was asked to help out with the voting for the center court design for our new gym floor. The setup was that we wanted to be able to display the submitted designs (some student work and some professional) and then have people vote for their favorite student design and their favorite professional design.

I found the site and played around a little. I originally had some difficulty getting the images to display on the ballot but with a simple email to them, this problem was fixed.

The way the site works is this: You set up a “bin” and create your ballot. If your ballot includes pictures, you need to post the pictures to a site like photobucket. Once you have created the ballot, you decide how long the election will be open and how you want people to access the ballot. You can import a list of email addresses (comma separated) or send a link out with instructions for users to register via the web or via email. Whichever method you choose, once people are registered, they get an email notification with a link they can use to vote. Once they vote, they can’t vote again from that email address. You as the administrator of the vote can see who has voted and who registered to vote but can’t see how they voted. You can view the running results via your ballotbin account. The only downside I see to this web-based application is that there did seem to be a bit of a variable delay between registration and email notification.

At the end of the election, you can pull down the results in a .csv file.

Although we used it for a simple selection of a new center court design, the power of it goes far beyond that. It would be interesting to see how it would work in say a student body class officers election.

 

Hacking, Strong Passwords and Phishing Scams

Posted by gpage on Oct 7, 2009 in General

Most likely, you have seen or read the news over the last few days regarding what was originally called a “hack” into Microsoft’s Hotmail and Google’s Gmail systems. It turns out that some 10,000 to 20,000 user names and passwords were harvested from various webmail providers including Hotmail and Gmail. The list of user names and passwords was then published on a web site for the world to see and for miscreants to get a source of passwords so that they could use these mail accounts for their own purposes. After the publishing of the list, both Microsoft and Google revealed that this list was not the result of hacking but the result of a phishing scam. The original list that was posted has been removed from the web but there are copies floating around the web.

Being an educator at heart, I am always looking for the teachable moment. This teachable moment focuses on three topics, hacking, phishing scams and strong passwords. In the next few paragraphs, I would like to look at each of these briefly and give some pointers on what they mean for your computer use.

Hacking – according to dictionary.reference.com, hacking (in regards to computers) is “to devise or modify (a computer program), usually skillfully.” Originally, this was used in a positive way and saying that someone was a “hacker” was a compliment meaning that they were an extremely skilled computer programmer. The Wise Geek website defines hacking as, “the practice of modifying computer hardware and software to accomplish a goal outside of the creator’s original purpose.” Someone that aspires to be a hacker is really someone that desires to know how computer hardware and software really work. Unfortunately, a few bad apples have given hackers a bad name. They have, instead of hacking for intellectual reasons, used their skills to find ways into otherwise secure systems for nefarious purposes. The negative connotations associated with being called a hacker have now made it an insult or even applied a label of criminal in most people’s minds. According to both Microsoft and Google, their sites were not hacked. Skilled programmers did not modify their sites in order to gain a list of user names and passwords. The sites were not hacked but rather 10,000 to 20,000 users of the sites were victims of a scam called phishing.

So, what exactly is phishing? According to the Wise Geek website, “A phishing scam is an identity theft scam that arrives via email. The email appears to come from a legitimate source such as a trusted business or financial institution, and includes an urgent request for personal information usually invoking some critical need to update an account immediately. Clicking on a link provided in the email leads to an official-looking website. Personal information provided to this site, however, goes directly to the scam artist.” If you have been using email for any length of time, it is almost guaranteed that you have seen at least a few of these in your mailbox. They usually look official and usually threaten to disable your account if you don’t respond immediately. Some of them are designed to look like they come from a bank or credit card company and others from email providers. Both eBay and PayPal have been targets of phishing scams. In general, the process works like this. The scammers acquire a list of email accounts (either by harvesting from the web or mailing lists, buying a list from harvesters or sometimes just by using a name dictionary to randomly guess names). They compose a realistic looking email. These emails sometimes even pull graphics from the genuine website of the bank, mail provider or other target. The scammers then use some trickery to hide where the email is being sent from. They spoof the address to look like it comes from an address on the target’s system and then send it out in such a way that it is difficult to track it back to the original, real sender. The scammers will send this same message to thousands or even millions of email addresses. It only takes a very small percentage of the recipients falling for the scam to give them the info that they are after.
In the case of phishing for email account information, they now have, from those that fell for the scam, user name and password information and can take over the email accounts for their own purposes. In the case of financial information, they now have, depending on the info they asked for, credit card numbers and/or on-line access to the victims’ banks. This type of scam is what was used to harvest the thousands of user names and passwords from Hotmail and Google.

This incident and the publicity surrounding it highlight not only the gullibility and naivety of a percentage of the computing public but also the weak passwords that a number of users choose for themselves. This article by Acunetix explains that a copy of the list of user names and passwords was obtained before the original posted list was removed from the web. The writer of the article eliminated any user name/password pairs that had no password (most systems won’t allow use of blank passwords so these were treated as bad data). This left him with 9843 passwords to examine. He then did a statistical analysis of the passwords listed. Some very interesting things were brought to light by his analysis:

  • The most commonly used password in the list was 123456 (64 people had this as their password)
  • Second was 123456789 (18 people)
  • 3,713 (42%) lower alpha passwords: passwords containing only characters from ‘a’ to ‘z’. Example: iloveyou
  • 291 (3%) mixed case alpha passwords: passwords containing characters from ‘a’ to ‘z’ and from ‘A’ to ‘Z’. Example: ILoveYou
  • 1707 (19%) numeric passwords: passwords containing only numbers (‘0’ to ‘9’). Example: 123456
  • 2655 (30%) mixed alpha and numeric passwords: passwords containing characters from ‘a’-‘z’, ‘A’-‘Z’ and ‘0’-‘9’. Example: Iloveyou12
  • 565 (6%) mixed alpha + numeric + other characters. Example: 1Love You$%@

This set of statistics points to the fact that, at least for this relatively small sample of users, choice of strong passwords is rare. Only 6% of these users chose passwords that contained upper and lower case letters, plus numbers, plus other characters. I realize that this is NOT truly a good statistical sample. These users were not randomly selected. They are all victims. Also, considering the sheer number of email accounts out there, I doubt that 10,000 accounts is a large enough sampling. From personal experience as a systems administrator though, I think these stats may not be far off as an example of how people pick weak passwords.

So, what are we as users to do about phishing scams and passwords?

For the phishing scams, first and foremost, realize that most sites will NOT contact you via email to ask you to change your password or update your account information. Most will do this by putting a message up on their site that you will see the next time you log in. Second, never use a link in an email to access secure sites. Use a bookmark to access these sites. If you get an email and wonder if it is legitimate, see if your mail client has the ability to show you full header information and/or the raw source email. The header information shows you where the email originated and other information about how it got to you. The raw source of the email will show you where the links actually point. Both the headers and the raw source of the email can be a bit difficult for the average person to understand. Ask a friend that is more knowledgeable and they will probably be glad to help you understand it. Don’t feel foolish about doing this. Better to ask a few questions than to end up a victim. Your geeky friend will be happy to help (most like to share their knowledge).
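To make the header and raw-source check concrete, here is an added example (not part of the original post) that reads a message’s raw source, reports headers that disagree with the visible From address, and lists links whose visible text names one host while the link itself goes to another. The sample message and every address and domain in it are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message: every name, address and domain is made up.
RAW = """\
Received: from mail.sender.example (mail.sender.example [203.0.113.7])
\tby mx.school.example; Wed, 7 Oct 2009 09:12:01 -0400
Return-Path: <bounce@sender.example>
From: "Webmail Support" <support@webmail.example>
Reply-To: collect@other.example
Subject: Your account will be disabled
Content-Type: text/html; charset="us-ascii"

<html><body><p>Confirm your password within 24 hours.</p>
<a href="http://login.sender.example/verify">http://www.webmail.example/login</a>
<a href="http://www.webmail.example/help">Help pages</a>
</body></html>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host(value):
    """Host of a URL (scheme optional) or domain part of an e-mail address."""
    if "@" in value and "/" not in value:
        return value.rpartition("@")[2].lower()
    if "://" not in value:
        value = "http://" + value
    return (urlparse(value).hostname or "").lower()


def inspect_message(raw):
    msg = message_from_string(raw)
    from_domain = host(parseaddr(msg.get("From", ""))[1])
    # Headers that name a different domain than the visible From address.
    mismatches = []
    for name in ("Return-Path", "Reply-To"):
        addr = parseaddr(msg.get(name, ""))[1]
        if addr and host(addr) != from_domain:
            mismatches.append(f"{name}: {host(addr)}")
    # Each relay prepends a Received line, so the last one is nearest the sender.
    # Only lines added by your own mail provider are trustworthy; others may be forged.
    hops = msg.get_all("Received", [])
    origin = " ".join(hops[-1].split()).split(";")[0] if hops else ""
    # Links whose visible text is a URL for one host while the href goes to another.
    deceptive = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        collector = LinkCollector()
        collector.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
        for href, text in collector.links:
            if re.match(r"(https?://|www\.)", text, re.I) and host(text) != host(href):
                deceptive.append((host(text), host(href)))
    return {"header_mismatches": mismatches, "origin_hop": origin,
            "deceptive_links": deceptive}
```

A differing Return-Path or Reply-To is not proof of fraud on its own, since mailing services legitimately use their own bounce domains, but combined with a link that shows one address and goes to another it is a strong reason not to click.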

For the passwords, do a bit of research and follow some guidelines. A simple Google search turned up an extensive wiki article on password strength. Though much of the article is much more in depth than even I want to take the time to read, it does include some straightforward guidelines that can help you create better passwords. They include:

  • Include numbers, symbols, upper and lowercase letters in passwords
  • Password length should be around 12 to 14 characters
  • Avoid any password based on repetition, dictionary words, letter or number sequences, usernames, relative or pet names, or biographical information (e.g., dates, ID numbers, ancestors’ names or dates, …).

If you can follow some or all of these, then your passwords will be stronger. You may not be able to follow all of them due to systems limitations (my mail server for example, is currently limited to a maximum of 8 characters in a password). There are also some websites that can help you by randomly generating passwords for you. Do a Google search for “password generator” and you will likely find a web site that will randomly generate a password that you can use.
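The composition breakdown and the guidelines above can both be expressed as code. The following is an added example, not part of the original post or of the Acunetix analysis: it sorts passwords into the five composition classes, lists which guidelines a password breaks, and generates a random password that passes them. The sample list reuses the example passwords quoted above; the short word list, the symbol set and the function names are assumptions made for illustration.

```python
import re
import secrets
import string
from collections import Counter

# Constructed sample: the example passwords quoted in the list above.
SAMPLE = ["123456", "123456789", "iloveyou", "ILoveYou", "Iloveyou12", "1Love You$%@"]
# Tiny stand-in word list (assumption); a real check would load a full dictionary.
COMMON_WORDS = ("password", "iloveyou", "letmein", "qwerty", "love")
SYMBOLS = "!#$%&*+-=?@^_"


def composition_class(pw):
    """Bucket a password by the character sets it draws from."""
    if re.fullmatch(r"[a-z]+", pw):
        return "lower alpha"
    if re.fullmatch(r"[A-Za-z]+", pw):
        return "mixed case alpha"
    if re.fullmatch(r"[0-9]+", pw):
        return "numeric"
    if re.fullmatch(r"[A-Za-z0-9]+", pw):
        return "mixed alpha and numeric"
    return "alpha + numeric + other"


def tally(passwords):
    """Count how many passwords fall into each composition class."""
    return Counter(composition_class(pw) for pw in passwords)


def has_sequence(text, run=4):
    """True if text holds `run` consecutive ascending/descending letters or digits."""
    for i in range(len(text) - run + 1):
        chunk = text[i:i + run]
        steps = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
        if chunk.isalnum() and steps in ({1}, {-1}):
            return True
    return False


def guideline_problems(pw, username="", min_length=12):
    """List which of the quoted guidelines a password breaks (empty list = none)."""
    problems = []
    if len(pw) < min_length:
        problems.append(f"shorter than {min_length} characters")
    kinds = {"lowercase": "[a-z]", "uppercase": "[A-Z]",
             "digit": "[0-9]", "symbol": "[^A-Za-z0-9]"}
    problems += [f"no {name}" for name, pat in kinds.items() if not re.search(pat, pw)]
    low = pw.lower()
    if re.search(r"(.)\1\1", pw):
        problems.append("repeated character run")
    if has_sequence(low):
        problems.append("letter or number sequence")
    if username and username.lower() in low:
        problems.append("contains username")
    if any(word in low for word in COMMON_WORDS):
        problems.append("contains dictionary word")
    return problems


def generate(length=14):
    """Random password from the OS CSPRNG that passes every check above."""
    if length < 8:
        raise ValueError("length too short to be worth generating")
    alphabet = string.ascii_letters + string.digits + SYMBOLS
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        # A system capped below 12 characters relaxes only the length check.
        if not guideline_problems(pw, min_length=min(length, 12)):
            return pw
```

Note that “1Love You$%@” lands in the strongest composition class yet still fails the dictionary-word check, which is why the character mix alone is a poor measure of strength.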


 

Backup, Backup, Backup!!!

Posted by gpage on May 18, 2009 in General, Open Source Software, Systems Administration, Web 2.0

Just a quick note to say that thankfully, I listen to myself and others when they say, “Make a backup before attempting any upgrade!”

I spent this AM following the instructions for upgrading my WordPress installation (this blog) from version 2.6.x to 2.7.1. I am VERY glad that I followed the first step listed in the upgrade instructions: “Backup your database.. and all WordPress files”.

The upgrade did not go well and broke everything. I had to restore from backup to get it functional again. Better to have a backup and restore from it so that you can upgrade another day than to have no backup and have to start from scratch!

 

Cautionary tale about over-reliance on technology.

Posted by gpage on May 15, 2009 in Cool toys / tools, General

Anyone that knows me, knows that I LOVE technology. That is why I am in the job I am in. I love cool tools. I want to make them available to others and I want to help others learn to use them. Gadgets and toys are amazing and never cease to astound me. The advances in technology in the 20 plus years that I have been doing this are mind boggling.

Every so often though, I have an experience that makes me step back and wonder whether we may be going too far and relying on technology too much. A simple example of the detrimental effect of this would be the fact that most of our young people can’t do simple arithmetic anymore. If the cash register at McDonalds doesn’t tell them how much change to give, they are lost. A recent experience made me realize that more than just simple arithmetic is at stake here.

I do a lot of traveling around Vermont and New Hampshire for meetings and work related to the several organizations that I volunteer to serve with. I have wanted a GPS for a long time and finally bought one a week ago. The timing was perfect. I was scheduled to do some chainsaw work cleaning up from this past winter’s big ice storm. I needed to meet the rest of the team in Peterborough, NH where we had 2 houses that needed our assistance in cleaning up tree damage. I plugged in the address for the first house the night before and the Garmin Nuvi 255w gave me an estimated trip time. This allowed me to plan my leaving time so that I would arrive on time to start work. How convenient! I got up Saturday, traveled, with the guidance of Gina (my daughter named the GPS already) and arrived on time. We cleaned up that mess and I entered the address for the next house, traveled to it and did that job. The third and final house was over the border in Massachusetts and Gina got me there with no problems. While working on the final job, a thought hit me, “What if the GPS died and I needed to get home from here?” I realized that I had relied on Gina so much that I had failed to watch for landmarks. The only thing I could tell you about the route we took was that there was a LOT of tree damage to see (tops of most trees were snapped right off) and piles of brush at the roadside waiting to be chipped. I felt an odd sense of disorientation. If you had asked me to point to the North, it would have taken me some time to figure it out. Even now, I would have to go back and look at the logs on the GPS to be able to tell you what town in Mass. I was in.

I happened to glance under the seat of my Jeep as I was getting in to go home. There was my trusty stack of maps. I suddenly felt much better. Within a few minutes of examining my surroundings, I could figure out compass directions and with a little work and access to my maps, I could get myself home.

What about our students though? If their GPS or on-board navigation system goes on the fritz, will they be able to get home? I am not saying we need to turn them in to orienteering experts, but I certainly hope we are at least giving them some basic tools like map reading, time and direction estimation, etc. so that they can survive when the higher end technology is out of action.


 

YourFonts

Posted by gpage on Feb 9, 2009 in Cool toys / tools, FREE, General, Lesson Plans and classroom helpers

A friend of mine pointed me to and recommended YourFonts. This free web-based service allows you to quickly and painlessly create your own custom TrueType font based on your printed handwriting (no cursive). If you are careful and are not too picky, your entire font can be created, downloaded and installed on your computer in 5 to 10 minutes. I recommend taking your time, reading the directions and using care when going through the process.

Here are the steps involved in the process:

 

  1. go to www.yourfonts.com and click on the “Print Template” link in the right hand column
  2. click the link that says “Template as PDF document” and print the window that opens up
  3. close the template window
  4. click the “Complete Template” link and read the instructions carefully on how to complete the template – being careful here has great impact on the finished product
  5. click the “Scan & Save Template” link and follow the instructions for scanning your template (once the template is scanned, you can use a photo editing package to clean up and adjust your scanned images)
  6. click the “Upload Template” link and wait
  7. when step 6 is done, you will be looking at a sample of your font – click on the “Download Your Font now”  link
  8. click the “Install and Use” link for directions on how to install and use the font for your operating system.
  9. Start using the font.

 

Once installed, you can use your new font like any other font you may have. This new font even has some cool extras depending on how you filled out your template. If you added your signature to the lower right of page one of the template, then inserting a ^ (shift-6) will insert your signature as a single character.

To view a sample of my new Glen H. Page font click below:

yourfontstest

 

Interesting FOSS Math tool

A colleague came upon an interesting Mathematical software package called GeoGebra. This cross-platform FOSS package is easily downloaded and upon first glance it looks to be a very interesting tool for both teachers and students. According to the GeoGebra website the software can be used in teaching Algebra, Geometry and Calculus. Looking at the screen shots on their page, it is easy to see how it could help visual learners really see how Algebra, Geometry and Calculus work.

I spent about 2 minutes playing and easily graphed points, line segments and created a triangle and a circle. When you graph a line segment, the software generates the equation in standard form of the line. When you draw a circle, it gives you its equation.

I will be playing more with this and may write a follow up to this entry.


 

Why no level of paranoia is too much during systems upgrades

Posted by gpage on Jan 19, 2009 in Systems Administration

Now that some time has passed, I can look back at the events of earlier this month with a different perspective and think through what went wrong and how it could have been avoided.

Before going into the details, a reminder: Murphy’s Law states that, “Anything that can go wrong, will go wrong and at the worst possible moment!” To really appreciate this, we need to add on a thought from the best student I ever had (Justin Poirier) who adds, “Murphy was an optimist!”

To start from the beginning we need to go back to the systems upgrades performed over the Christmas break. Over this break, our 3 XServes that make up our home directory system were upgraded. 2 machines were upgraded from OS X 10.4 to 10.5 (this put them all at 10.5) and all machines had additional RAM installed. The home directory server for TES had 2 new drives installed to give them more storage capacity as they had filled their old drives. All went as planned on those upgrades. I tested each type of account (TAstaff, TA students at all levels, TE staff and TE students) and found all to be working as expected. I went home to enjoy the remainder of the break expecting all to work properly when we returned in early January.

Boy, was I WRONG! When we returned, we found that some people, particularly at the elementary school level, could not log on at all (there were some at TA but these were sporadic, TE was system wide).

Some basic troubleshooting pointed to the idea that something was not right with the authentication server that controls who can log on. Several systems admins that I corresponded with suggested that I needed to demote the authentication server from directory master to standalone and then promote it back again. All cautioned that I should archive the LDAP first which I did. 

Now for the part where a few more ounces of paranoia could have saved me a lot of work. I should have: a) double-checked the archive to be sure it was good and b) copied the archive on to a thumb drive for safekeeping. I demoted and promoted the server and then went to restore the LDAP from the archive. The archive was trashed! This meant that, since I did not have a copy of the archive on a thumb drive, I had to recreate the entire LDAP from scratch. This amounts to account info for @650 accounts.

Remember that Murphy said, “worst possible time”? Well, let’s see how the timing qualifies.

  1. last week of classes before semester exams
  2. many teachers use project based exams and term papers that students need computers to complete
  3. teachers need to access files to finish creating and printing exams

I think Murphy was right!

I immediately remembered that I have all account info in a spreadsheet and realized that I could use Passenger to recreate the accounts in a relatively quick way (esp. after purchasing the full, unlimited version). I went right to work on that with mixed results. Some could log in and some could not. By the end of the week, I had decided that I would need to come in over the weekend and start over from scratch. I came in Saturday morning and by the time I left late Saturday evening, everyone at TA could log in and had all of their documents. I spent Sunday afternoon working on getting the TE accounts to work. Finally had to give up and move their accounts to the TA home server as the only difference I could see was accounts on TA’s home server worked and those on TE’s did not.

The coming week will be when I try to figure that issue out so that I can move TE accounts back to their own server.

Here is where the excess paranoia would have helped. I estimate that I spent 5 DAYS recovering from what could have been prevented by simply being a bit more paranoid about that archive.

Also, no matter how much pressure is put on the IT department, I think we need to limit major server OS upgrades to the summer months. Much less pressure to deal with and more time to get it right.

 

Help transitioning from MS Office and AppleWorks to Open Office or iWorks

As we begin to move away from purchasing costly licenses for Microsoft Office and we phase out AppleWorks (since Apple pulled the life-support plug on it), many teachers seem to have difficulty entering the unfamiliar territory of Open Office and iWorks. Have no fear. Help is at your finger tips.

Each of these products includes built in help files that can be used to figure out many of the changes you face. If you can’t find the answers you need in the help files, then I suggest you look to the software publisher’s site for FAQs (Frequently Asked Questions). Rest assured that you are NOT the first person to be forced to change from AppleWorks to either Open Office or iWorks. More than likely, someone else has experienced your problem and posted a solution for it. If you can’t find it in the FAQs, then most publishers’ sites have a way to submit a question and someone, either from the publisher or another user, will get back to you with a solution.

There are also on-line communities dedicated to improving, enhancing or extending the usability of these software packages. For iWorks, I found iWorks Community. For Open Office check out Open Office Extensions. Each of these sites offers downloads of templates and tools to make it easy to create things like form letters, calendars, certificates, etc.

The content on these sites is created by users just like you. Folks that figure out how to do something and decide to share it with the world. I encourage you to use these sites and also to give back if you create something new that others might use.


 

Christa McAuliffe update

Posted by gpage on Dec 2, 2008 in General, Web 2.0

Wow. What a fun conference! What a thought provoking keynote by David Warlick. Some of the most interesting things he said:

The world is flat!

For the first time in history, we are preparing our students for a future that we cannot clearly describe!

Overall a great presentation and I look forward to checking out more of his stuff at davidwarlick.com/handouts/

Will try to post more later. Busy here.


 

A Review of Michael A. Banks’ new book “On the Way to the Web”

Posted by gpage on Nov 6, 2008 in General

Until I picked up and read “On the Way to the Web – The Secret History of the Internet and its Founders” by Michael A. Banks, I had forgotten how much existed before the commercialization of the Internet and the advent of the World Wide Web.

As a computer science educator, I have been involved in on-line communities since the mid 1990’s. I had forgotten all about things like Gopher and the other now antiquated tools we used before the Web came along. 

Michael presents an enjoyable read that weaves together a good cross section of the people and events that took us from ARPANET to the advent of the Web era. I was especially impressed by his in-depth coverage of things that I had barely heard of before and how all of the pieces of early commercial on-line services came together to form the Internet.

Michael does not just tell of the successes along the way but also the failed attempts and how even these contributed to the current systems we use. I remember quite a few of these attempts and wondered what happened to them. Now I know.

He does a great job of telling how in the early days, the net was an exclusive on-line community for government, education research and the military. He carefully explains how things changed from a system that had such strict rules to the very open system we have now. In the early days, you could lose your access to the Internet for simply posting a “classified” ad to sell something on-line. Now we have a vast number of sites selling just about anything you could possibly want to buy.

The only negative thing I can say is not really negative at all. When I finished the book, I wanted more! Just like a good movie that leaves you ready for the sequel, this book left me wanting a sequel telling about the history of the Web from the invention of HTML to the advent of Web 2.0 and beyond.

Thanks for a great read, Michael. Keep up the good work.

Copyright © 2010 TA-InfoTech All rights reserved. Theme by Laptop Geek.