Thursday, June 20, 2013

Creative ways of using Moodle

I was recently reflecting on the history of using MOODLE at our school (Endeavour College). What started out life as an experiment which I used with one or two of my own classes back in 2006 with version 1.6, has now become a core system within our school with up to 2500 logins each week (this is approximately 1 a day for all staff and students in the school).

Moodle is an LMS (Learning Management System). Sometimes we want it to be a CMS (Content Management System) but at the core of it is the structure of courses and enrolments within those courses. A key thing I have always known about moodle, is that if a student comes back to a course more than once, and things haven't changed at all, they are unlikely to come back again. I tell teachers that students will only visit their moodle course as much as they do (it's not just a 'set and forget' thing - it has to be more of a 'living' thing). I am under no illusions that moodle is like a 'facebook' for students at our school, but by being creative (and not too restrictive - eg. allowing messaging) it has become a central hub for our students. Although, I wouldn't go so far as to say they 'like' it...

Our moodle's usage has evolved over the years, and some things have been tried and have failed, while other things have taken longer to make their way into our everyday usage. The 'front page' becomes the focal point, and through using 'permissions' carefully, you can customise this for different users / groups. I thought I would share some of the creative ways we are using Moodle to be much more than just an LMS for school subjects below:
  • Digital Suggestion Boxes - on the front page we use a few questionnaires (it's a plugin for moodle) as digital suggestion boxes which students can submit to things such as the SRC, or submitting questions to ask our sponsor child etc. They are very easy to setup and an email is sent to the appropriate person when a response is submitted. If the questionnaire needs to be modified, you can easily just give that person the role of teacher or manager on that activity - this could even be a student (eg. student captain)
  • Student Surveys - similar to the previous one, but as site wide surveys for students. They are placed on the front page (so all students can access them) but often are set to only be visible for a period of time (eg. a week). If it needs to be updated by a teacher, just set them to have a teacher role on that activity (permissions are extremely useful and versatile once you get your head around how they can be applied!)
  • Morning Notices on front page - one of our admin staff is given permissions on a 'page' which is on the front page. They simply copy and paste the day's notices to that page each morning as part of their routine and students can access them from there.
  • Quick Links on front page - there are other websites used in the school, other than moodle - so setting up quick links (in a menu, or just as hyperlinks) for things such as webmail, printing credit, library etc.
  • Front Page Polls - the poll 'block' is an excellent module for allowing more interesting interactivity with students. We've taken this to the next level by allowing a student leader permission to create new polls!  As well, we have a digital suggestion box (questionnaire) for students to suggest new polls. I use a poll in some of my courses as well to provide students with another interesting thing to interact with.
  • School Wiki - a wiki was created on the front page about 5 or 6 years ago.  Students are allowed to edit, and there is definitely some dodgy bits, but it is improving over time. It has been good for teaching students about a wiki, and long term appropriate use - as well as collecting valuable information about our school from the student's point of view (eg. the Year 8 page has information about what is done in Year 8 etc.).
  • Adverts on the front page - staff can email me adverts for the front page (eg. promoting a school event, or fundraiser etc.). I create them (with images / hyperlinks if required) using a label, but the key part is also to have an 'allow access until' time when the advert will time out. This means I don't need to remember to go and remove it, but it will naturally just disappear from the front page (for students / teachers) after this date. In fact, doing this can allow for creating adverts ahead of time, which only become visible at the 'allow access from' time.
  • Students take the teacher role in some courses - we have extra curricular leaders who 'teach' in the courses created for their situations. For example, an 'Art Club' course with photo galleries and other information.
  • Laptop Licence Course - when we deploy laptops to students in Year 10, there is an online course which they must complete. It was developed by students and teachers and contains lots of information and the key thing is quizzes based on the information. Conditional activities are used to only display 'you have completed this module' at the bottom of each section when the quizzes have been completed satisfactorily. At the end of it, students receive their 'laptop licence' (another conditional activity which appears at the bottom of the course when all activities have been completed satisfactorily).
  • Staff Intranet - a course has been created for staff only. It uses 'cohort' enrolment so staff must be added to the 'staff cohort' by an administrator (this is a pain!) but it means there is no security risk of students accessing this information (if they got hold of an enrolment key or something like that). Along with that, there is a HTML block with permissions for only staff to view it, on the front page with a quick link to this. Some of the more interactive activities we have used on the staff intranet include an 'ideas' wiki where they can contribute software / websites they find useful (by faculty or other), forums, surveys plus information about using moodle and other PD resources as the need arises. Key leadership staff are 'teachers' of this course, but most staff just have a 'student' role.
  • Moodle Sandpit - this was a course setup for staff to play around in and try out using moodle without having to first create a course. It uses an enrolment key which teachers use which then sets them to be a 'teacher' of the course. In order to keep the information at the top of the sandpit course safe from being deleted (just some general hints and ideas about what the sandpit is about) permissions on the activities were modified so that a manager was the only person who could delete or modify them.
  • Permission Layers - this is not so much a creative thing, but rather just the structure that helps to ensure the long term success of moodle. We have 2 or 3 site managers, but then within categories (each faculty has a category) the faculty coordinator is made to be a manager of that category. This means that a faculty coordinator is ultimately responsible for the courses and management within that category and they take ownership over what is there and how courses are managed. Discussion about how they are using moodle is taken to their faculty meetings and some courses have multiple classes in them, while others are individual to a class and teacher.
  • School Footy Tipping - we have a school footy tipping website setup, and so we have hyperlinks to it from our moodle, but it also has a HTML block that shows the top students on the ladder on the front page of moodle. This is just one more engaging thing on our moodle that keeps the students coming back!
I'd love to know the creative ways you use MOODLE in your school! Please share them with me in the comments section.

Wednesday, June 12, 2013

Useful computer software for parents


The following is a collection of free useful software which parents may consider to assist with managing computers.  It is important to note that no software is perfect and there will often be ways that children can bypass filters or restrictions, therefore they shouldn’t be relied upon 100%. For example, there are browser plugins which can filter websites, but these are easily bypassed by removing the plugin or simply using a different browser.

Ideally, children should be actively supervised while using the internet and taught about some of the dangers of the internet, including safe usage of social networks, email, avoiding scams and inappropriate material on the internet.

User Accounts

It is strongly advised that on a home computer, children use a ‘non-administrator’(ie. normal user) account. This means creating a separate account to the main (Administrator) account and ensuring that the Administrator account has a secure password.  If this is not followed, it is far too easy for the children (as Administrator) to remove the restricting software.

Romaco Timeout


Romaco timeout is a piece of software which restricts the amount of time you can use a computer for.  It works via a password (which parents would set) and can then restrict the usage according to a number of parameters, such as “Daily Quota”, “Access Window” (eg. only allowed between 9 and 6pm etc.), plus it has features such as a program blocker and web usage monitor.

If the user gets to the timeout it can automatically log them out (giving them time to save their work first!), but it can be overridden by entering the password.


Getcoldturkey


Getcoldturkey is a self-regulating / blocking piece of software. It is open source (free) and asks for a donation when you download it, but you can choose to donate $0 if you wish.

It blocks certain websites for a period of time which the user chooses. This would be very useful for students who can't trust themselves, when they are studying for exams or have assignments due.

K9 Web Protection


K9 Web Protection is a free download (for home use - although you need to register an account in order to get a licence key). It features blocking of categories of websites, time restrictions and internet usage reports. Web page blocks can be overridden using a password.

I don't have much personal experience with this software, but it is available for Windows, MacOS, iOS and Android - so it is the only piece of software here which could protect children on an iPad or other tablet device.


Other websites / blogs / information:

http://www.scamwatch.gov.au/ - if you think you might be being scammed, check this Australian government website for details of almost all of the common scams.

If there is other software which you use or find useful, please feel free to leave me a comment!

Monday, September 5, 2011

https : the forgotten security measure

I would never put my credit card details into a non-secure website. And when I log into my online banking, I just wouldn't continue if I didn't see the padlock icon and https at the start of the URL. Like you, I am not an idiot when it comes to security... Why then, in an era when identity theft, phishing and spam are rife, do I fail to apply such stringent standards to the rest of my web browsing?

Nowadays, almost every website requires me to log in. And even those that don't, try to link to facebook or google, or store session information in cookies about my internet usage. Even though I am discerning about what websites I register on, the trust I have in the website is misguided if it fails to allow a secure (https) connection.

So now a bit of technical information. HTTP is a protocol (application layer of the TCP/IP stack) used for transferring web data. When a browser requests a web page, it sends a GET request over HTTP to the server, which responds and gives the details back. When a user logs in, the GET request also includes the username and password (or whatever details are part of that form). It doesn't matter how the website stores the database (see my previous blog post about not emailing passwords and MD5), the password is still sent in 'plain text'.

Wireshark can capture packets on a local network and can be used to see this. It's a bit scary actually, when you see your password in plain text inside a packet that is being sent across the internet. Wireshark works on the local network interface, and in a modern network with switches or encrypted wireless networks, it is generally quite difficult to be able to capture packets not intended for me. But does that itself mean I should no longer be concerned?

Certainly it should mean that we do NOT trust any unsecured / unencrypted wireless networks (such as Maccas free wifi etc.). Firesheep demonstrates the dangers of this. We also should take extreme care on networks we don't trust. When you plug your network cable in to a network (or connect via wifi) and access the internet, the packets are travelling via many computers / nodes / servers to get there. So maybe you trust the first server, but do you trust the others?

TraceRoute is a command line function (tracert on Windows) that shows the 'hops' that a packet takes to get to its destination. Using HTTP, it would only need one of those to be compromised and your information could be stolen.
tracert www.facebook.com - showing the hops from my computer (cropped) to facebook, via internode etc.

HTTPS is not actually a different protocol to HTTP, but rather it sets up an SSL (encrypted) connection between the server and client which then transmits the HTTP packets over that. This means that the packets are not able to be viewed along the way. This is the 'correct way' of ensuring that data being sent over the internet is not able to be viewed along the way. Wireshark can see the packets, but the contents of them is unintelligible because it is encrypted.

If HTTPS is the 'correct way' of transmitting data over the internet to avoid it being intercepted by other people, why isn't it implemented all the time?
  • Performance - since https requires setting up an SSL encrypted channel there is a performance cost which for many webpages is not required. It is hard to say exactly what the performance cost is (it would depend on the size of pages / elements and many other factors) but I don't think it would be unfeasible to see a http page load in half of the time of the same page over https (or even less). This is a fairly significant performance hit for a website.
    This server does not have a valid SSL certificate. (Firefox browser)
  • Cost - because https is about 'trusting' a website, it costs a significant amount of money (hundreds or even thousands of dollars each year) to have a valid certificate via a company such as verisign etc. (Some companies advertise 'free ssl' certificates - personally I am dubious and want to trust that SSL certificates are quite hard to get, since I want to be able to trust 100% in a website with a valid SSL certificate). While this may sound like a small cost for security, it doesn't add anything to the implementation of https, but rather just avoids the 'warning screen' (as shown in the picture) which would most likely put visitors off actually continuing to use a website unless they definitely trust it (even though in 99% of cases it would be perfectly safe - and definitely safer than using the same website via http - I still wouldn't encourage this behaviour!).

  • Laziness / apathy / ignorance - once a website is 'working' it tends to be just left. Also, the potential for identity theft or loss is for the user of the website, not the company implementing the website. Join this to the fact that most web users aren't committed to security enough to refuse to use a website if they don't trust that it is secure, apart from perhaps a banking website, and you can understand why http is the 'ignored' security hole in our lives.

Twitter now defaults to using https. This is a good thing! Facebook still defaults to http, but it has an option (only as of January, 2011) to allow 'secure browsing' inside the settings (which you should change asap!). This only helps the situation if users are aware of it. Surely Facebook should be changing it from an 'opt-in' setting to a default setting, or even better, a mandated setting. I suspect this might be because of the way Facebook apps work (they are NOT on the Facebook server, even though they appear to be - they are on the developer's server), and it is up to the developers of the apps to allow SSL (so many apps won't work over https).

Finally, a word of caution: be careful!! Using HTTPS doesn't mean you can do anything you like on the web and are protected! It's just one of the pieces in the security jigsaw puzzle. If you put your credit card number into a bogus https website, it will prevent anybody along the way from reading the credit card number, but the end server still gets your credit card number!!  Remember all the other good advice about not clicking on links from emails etc.

Take an audit of the websites you use. What personal details are you risking via http, and is there an option to use https?
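One way to start that audit, as an added example that is not part of the original post: the script below parses a page's HTML, finds every form containing a password field, and reports where and how the credentials would be sent. The helper name `audit_login_forms`, the URLs and the HTML snippets are all constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class _FormScanner(HTMLParser):
    """Collects each <form> with its action, method and whether it has a password input."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {
                "action": a.get("action") or "",
                "method": (a.get("method") or "get").lower(),  # HTML default is GET
                "has_password": False,
            }
        elif tag == "input" and self._current is not None:
            if (a.get("type") or "").lower() == "password":
                self._current["has_password"] = True

    def handle_endtag(self, tag):
        if tag == "form" and self._current is not None:
            self.forms.append(self._current)
            self._current = None


def audit_login_forms(page_url, html):
    """Return one finding per password form: where it submits and what is wrong."""
    scanner = _FormScanner()
    scanner.feed(html)
    scanner.close()
    findings = []
    for form in scanner.forms:
        if not form["has_password"]:
            continue  # search boxes etc. carry no credentials
        # A relative or empty action inherits the scheme of the page itself.
        target = urljoin(page_url, form["action"])
        issues = []
        if urlsplit(target).scheme != "https":
            issues.append("credentials submitted over plain http")
        if urlsplit(page_url).scheme != "https":
            issues.append("form served over http, so it can be altered in transit")
        if form["method"] == "get":
            issues.append("method=get puts the password in the URL")
        findings.append({"target": target, "issues": issues})
    return findings


# Constructed sample pages (not real sites).
PASSWORD_FIELD = '<input name="user"><input type="password" name="pass">'
SAMPLES = {
    "http://shop.example.test/login":
        f'<form action="/session" method="post">{PASSWORD_FIELD}</form>',
    "https://bank.example.test/login":
        f'<form action="/session" method="post">{PASSWORD_FIELD}</form>',
    "https://forum.example.test/":
        f'<form action="http://forum.example.test/auth" method="get">{PASSWORD_FIELD}</form>'
        '<form action="/search"><input name="q"></form>',
}

if __name__ == "__main__":
    for url, html in SAMPLES.items():
        for finding in audit_login_forms(url, html):
            status = "; ".join(finding["issues"]) or "ok"
            print(f"{url} -> {finding['target']}: {status}")
```

The third sample shows why the address bar alone is not enough: the page is https, but the form's action sends the password to an http address.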

Saturday, March 5, 2011

ABC of Hints!! (Now that everyone is an ICT teacher!)

I've been reflecting lately that with a 1-to-1 computer program in a school, suddenly every teacher is having the role of "ICT Teacher" thrust upon them, whether they like it or not!

So here is the start of my ABC's of hints and tips for being a better ICT teacher:

  • Appreciate the expertise within the classroom. This should NOT be an excuse for poor preparation because we really should be an expert in the software or techniques that we expect the students to use. But in many cases a particular student may be able to teach you and / or their peers which gives them great satisfaction and helps to model collaborative learning techniques.
  • Be hands off - don't continually take over and DO things for the students, this doesn't help them to learn to do it themselves and it also can significantly dent their confidence with ICTs if we make them feel bad that they can't do it as quickly as we might be able to.
  • Care should be taken to not just use technology for technology's sake... what is the purpose? Will it improve the learning? Are there better ways? Model the critical thinking we expect of our students and try to not 'cheapen' technology by using it as a 'gap-filler'.
  • Don't give up! The first time we teach something or try something new, never goes perfectly! That's ok! Spend time reflecting, discussing, evaluating and  improving for next time.
  • Explore and investigate - when the stakes are low! Try things out beforehand, early on and think critically about what is happening. Evaluate new techniques and approaches in a formative environment before the pressure is on.
  • "F1" - use the help function (keyboard shortcut F1) and expect students to do likewise. When something doesn't work, take a moment to think about it carefully and troubleshoot. Model good habits by not just getting tech support immediately something doesn't work!!
  • Guidelines - Give clear guidelines every lesson. What function of the computers are we expecting the students to use this lesson? What is not appropriate for this lesson? Create some classroom language that helps the students to be clear about what is expected.
  • Hypocrisy hurts the learning environment - model appropriate use of computers by following the same guidelines you have given to the students. If we expect them to be working on task, let's not become hypocrites by checking our email frequently, being on facebook or twitter, checking the cricket scores or just randomly searching the web for "funny cats photos" while in class. Students tend to respond really positively if they see that the teacher is working as well, rather than just standing over them checking that they are on task.
  • "I need everybody to close their laptops and listen in". Create similar routines to things like "pens down" or "diaries out" which apply to the use of computers such as "Lids down" or "Sleeping laptops".
  • Just because it's on a computer, doesn't change the fact that lost work is still lost work! Whether it's a corrupt / lost USB, disorganised files or an email that has disappeared, many times students are simply trying to con us and even if it is genuine, learning to back up / recover work is an important skill for everyone to learn.
Feel free to leave me a comment suggesting any other hints!

Friday, November 5, 2010

Please don't email me my password

This will be a bit of a technical blog - sorry about that, but since it's something I have tried to teach my Senior Info. Tech. students, it is probably worth knowing about. And unfortunately it appears that lots of people in IT haven't learnt it yet.

We want to keep our passwords secure, and IT people are constantly reminding people of what makes a good password (length, capital letters, numbers, symbols etc. in a random mixture where possible). And IT people are also the same people who push out regular password changes.

So why then, do these IT people, frequently choose to store my password in plain text within a database??

Just to explain what I mean by plain text - inside a database of users, there would be these two fields: "username" and "password".

eg. Username: Freddy95, Password: mysecretpassword

It might seem natural that you actually store the username and password in these fields, but it is extremely bad practice to store the password inside the database.

But how, you may ask, do you check someone's username / password if you don't have their password stored?

The answer is in one-way encryption (also known as 'hashing'). Think of it like a valve that lets water through one direction, but it can't return.



MD5 is a very common method, and for even better encoding, include a "salt" which makes it exponentially harder to be compromised by 'brute force attacks'.

eg. Username: Freddy95, Password: 4cab2a2db6a3c31b01d804def28276e6


(The computer has a way of getting from "mysecretpassword" to the password generated above, but it can't go the other way. You can check it using an MD5 generator, but you won't find any 'reverse MD5 generators' - please don't sign up to any of the pages you find via that search!)

Read an article here that outlines an example of where this happened. http://blog.moertel.com/articles/2006/12/15/never-store-passwords-in-a-database

The reason for IT people not following this practice is not lack of knowledge or laziness, but simply so that they can email out your password to you if you've forgotten.


If you've ever received an email from a company that includes your password in it, they are following this bad practice!!! (It's just a pity you can't know what they will do with your password when you are typing it into an online form, otherwise I wouldn't sign up for any of these companies!)


The risks associated with having your password stored in plain text are many:
  • If the database is 'stolen' (or sold) or compromised in some way, your username / password is there
  • Despite the IT people suggesting to use a different password for every account, it's likely that someone who got your username / password could try it in various other accounts (Ebay / Facebook / Paypal / Hotmail etc.) and likely find a match somewhere (is your username / password the same in each account??)
  • Even if the database is not 'lost' or 'compromised' an email they've sent with the password in it could be intercepted (or read on a local network via packet capturing etc.) or even simpler, be read over your shoulder in your email client!
  • Plus, I simply do not trust every single company online. It only requires one 'unethical' employee of one of those companies you've signed up for.
Is it any wonder that at the moment there are so many cases of people having their Facebook accounts hacked?? How many different places can you stick in your credentials with the many different Facebook applications and interfaces? (There's more to this which I might discuss in a different blog - Facebook applications are not stored on facebook.com but rather on individual / companies servers - playing Farmville means you are allowing the Farmville server access to your Facebook information.)



So please don't email my password, there are other ways of resetting it if I forget the 246th different password I've used on the net.
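The two ideas in this post, storing only a salted one-way hash and resetting a forgotten password without ever emailing it, can be sketched as follows. This is an added example, not code from the original post: it uses PBKDF2-HMAC-SHA256 from Python's standard library for the salted hash rather than the MD5 the post mentions, and the function names, iteration count and 15-minute token lifetime are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets
import time

ITERATIONS = 200_000   # assumed work factor for this example
RESET_TTL = 15 * 60    # assumed reset-token lifetime, in seconds


def unsalted_md5(password):
    """Plain MD5 as in the post: equal passwords always give equal digests."""
    return hashlib.md5(password.encode()).hexdigest()


def make_record(password):
    """What goes in the database: a random per-user salt and a slow salted hash."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt.hex(), "hash": digest.hex()}


def verify(password, record):
    """Re-hash the login attempt with the stored salt; compare in constant time."""
    salt = bytes.fromhex(record["salt"])
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(digest.hex(), record["hash"])


def start_reset(users, username, now=None):
    """Create a one-time token to email as a link; only its hash is stored."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    users[username]["reset"] = {
        "token_hash": hashlib.sha256(token.encode()).hexdigest(),
        "expires": now + RESET_TTL,
    }
    return token


def finish_reset(users, username, token, new_password, now=None):
    """Accept a new password only for a matching, unexpired, unused token."""
    now = time.time() if now is None else now
    reset = users[username].pop("reset", None)  # single use: any attempt consumes it
    if reset is None or now > reset["expires"]:
        return False
    offered = hashlib.sha256(token.encode()).hexdigest()
    if not hmac.compare_digest(offered, reset["token_hash"]):
        return False
    users[username].update(make_record(new_password))
    return True


def demo():
    # Constructed accounts: two users who happen to pick the same password.
    users = {"Freddy95": make_record("mysecretpassword"),
             "Sally02": make_record("mysecretpassword")}
    out = {
        "unsalted_equal": unsalted_md5("mysecretpassword") == unsalted_md5("mysecretpassword"),
        "salted_equal": users["Freddy95"]["hash"] == users["Sally02"]["hash"],
        "login_ok": verify("mysecretpassword", users["Freddy95"]),
        "wrong_rejected": not verify("Mysecretpassword", users["Freddy95"]),
    }
    late = start_reset(users, "Freddy95", now=1000)
    out["expired_rejected"] = not finish_reset(
        users, "Freddy95", late, "n3w-passphrase", now=1000 + RESET_TTL + 1)
    token = start_reset(users, "Freddy95", now=2000)
    out["reset_ok"] = finish_reset(users, "Freddy95", token, "n3w-passphrase", now=2060)
    out["replay_rejected"] = not finish_reset(users, "Freddy95", token, "other", now=2061)
    out["new_password_ok"] = verify("n3w-passphrase", users["Freddy95"])
    out["old_password_rejected"] = not verify("mysecretpassword", users["Freddy95"])
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Because neither the password nor the reset token is stored in readable form, a stolen copy of this database contains nothing that can be emailed out or typed into another site as-is.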

Wednesday, September 22, 2010

Trying to find the positives in the iPad

My students absolutely love my iPad...

Despite my constant whinging about its lack of functionality...
And crippled usability.

As I write this on the iPad, it's not the touchscreen keyboard that is frustrating. I've already got quite proficient at using 2 fingers to touch type, instead of my standard 10 fingers.

And it's not the lack of a camera, because I have a camcorder, a camera and a phone with gigapixel camera in it.

I'm trying to not just see the iPad as a toy. And it's been two weeks now that I've been trying to use it productively. It is great as a toy, as a web browser, as a video viewer and as a babysitter.

It hasn't been very productive though. For starters, where are my files? I downloaded goodreader and usbdisk which allow a way of transferring files. I have emailed files to myself and that then duplicates it in multiple places when I 'open with' so I now have 4 copies of a PDF I wanted to view. Help me if I was trying to edit it. I know some cloud solutions exist, but even within the iPad, why can't I just have a my documents or home drive. Of course you can't save a PDF directly from the web - obviously the ipad wouldn't know where to store it. Goodreader has a reasonable solution to this, but still doesn't work if the page requires authentication, ie. Moodle.

And why can't I have an arrow key? There are situations, even typing this, where the select magnifying glass just can't go where you require- to the very left of this input box in safari. Multiple backspaces later I fix my error.

And why is the USB input crippled? I got the camera connection kit, but it won't let you open anything other than camera files. It will let you connect a USB keyboard (after an error) but one has to figure they just couldn't disable this basic unix functionality or I think they would have.

Speaking of reducing functionality, why has Bluetooth been crippled so much that I can't even send a file via bluetooth? No photos or files can be sent or received via Bluetooth, and with USB crippled it leaves syncing via iTunes or a cloud solution the only way.

But even then, I am still struggling to find a way of getting a video file into reeldirector, which looks to be an adequate video editor and creator if only I could get a video into the file to edit it. Apparently you need to transfer them via the iTunes photo album but even converting them into formats which the iPad is meant to play (h264) they still won't sync.

Why can't I sync over wifi? It appears the only thing I can do over USB and am forced into it. No chance of using Bluetooth here either.

Gps on the iPad is awesome. Picks up signal quickly and very functional apps. I think it's a rather overpriced tom-tom though.

Ok enough of a rant here. I bought the iPad to explore the possibilities, given that it is a valid device for the government's 1-2-1 program. The possibility of it ending up on ebay is quite strong.

I would love it if someone can correct some of these things, but I haven't even got on to the lack of multitasking...

Friday, May 21, 2010

ICTs with Purpose and Guidelines

A recent experience with utilising a chatroom in moodle with a Year 11 class has left me reflecting on the key necessities of utilising ICTs in the classroom:
  1. A purpose
  2. Specific guidelines
I decided to use the chatroom (a basic feature of moodle) to explain the next phase of the course. The PURPOSE of this was to record the discussion and allow for students who are absent to look back on the conversation as well as those there (but whose brains were absent) to review the conversation later on.

The conversation went something like this:
  • Teacher: Intro and questions based on next phase of curriculum
  • Student1: Blah
  • Student2: Blah Blah
  • Student1: Beep
  • Student2: Yadda Yadda
  • Student3: OMG
  • Student2: OMG?
  • Student4: $*(#&*
...
and so it continued with a couple more teacher interventions but nothing that got the attention of the students.

Eventually we decided (well I decided) that a simple spoken conversation might be more effective than the online chat which had looked so promising.

What did I learn from this?

Well, apart from learning a few new interesting acronyms used in chatrooms, I was reminded that it's important to not just use ICTs and assume that students know how to use them. They usually use them for 'personal', 'informal' chat and in my experience just couldn't cope with trying to do anything productive with them.  So do we throw the baby out with the bathwater?

No - I am to blame. As the teacher, if we were going to have a 'debate' in class - I would have introduced it with some guidelines about how it was going to work.  If we were going to have a class 'discussion' - I would have introduced it with some guidelines about speaking one at a time and respecting the person who is speaking. 

So I should have placed some guidelines on their chat.... listening to the person who is 'chatting', thinking before they 'click', only writing something if it is appropriate to the topic and so on... basic stuff that we struggle with getting students to follow when they are using the 'native tongue' (spoken english) but seem to ignore when it comes to ICTs.

Although perhaps I need to reconsider what these particular students' 'native tongue' actually is...