Archive for December 5, 2007

Richard | December 22, 2007
3 comments

Cisco Clean Access Woes

In August, we implemented Cisco Clean Access (also knows as Network Access Control) in order to limit the school wireless network to known users and scan desktop computers for running antivirus and the latest OS patches. Unfortunately, our implementation has hit a few snags, to the point where most of our user population is pretty cynical about the impact of Clean Access on their ability to operate and the supposed benefits it brings.

We currently have the following concerns about our implementation of Clean Access.

  • It’s mid-December and Cisco has not yet released a Leopard-compatible agent.

  • CCA login times vary from a few seconds to several minutes.
  • The current agent is not dual-NIC aware, trying to authenticate users against the secondary connection.
  • The Windows client often crashes, requiring a reboot before the user may log in.
  • One or two users per day end up in the temporary role for reasons unknown.
  • The agent often becomes unresponsive when a user switches VLANs.
  • A new patch that came out in September was incompatible with AdAware 2007 and booted half our user base from the network.

How has Clean Access been for you? Are these typical problems, or do we have a unique situation?

Update 1/8/2008: We successfully installed a secure certificate and upgraded the server and agent to new versions (4.1.3.0 on the Mac). First tests show improvement in client behavior. We are looking forward to further testing with real users to see how many of our issues the new client software solves.

Update 1/10/2008: I have the new CCAAgent 4.1.3.0 running on Leopard. We noticed right away a processor utilization issue — CCAAgent was using 100% of the processor every few seconds, not good for laptops trying to conserve battery power during a long school day. Cisco sent the following fix.

First, create a preference.plist file for youself: Show Package Contents on Applications – CCAAgent and copy Resources – setting.plist to your user Library – Application Support – Cisco Systems – CCAAgent and then rename it preference.plist. Create these folders if they don’t exist.

Run the following script in terminal (all on one line):
osascript -e ‘tell application “System Events”‘ -e ‘set the thePListPath to “~/Library/Application Support/Cisco Systems/CCAAgent/preference.plist”‘ -e ‘tell application “System Events”‘ -e ‘tell property list file thePListPath’ -e ‘tell contents’ -e ‘set previousValue to value’ -e ‘set value to ({|VlanDetectInterval|:”0″} & previousValue)’ -e ‘end tell’ -e ‘end tell’ -e ‘end tell’ -e ‘end tell’

This turns off automatic VLAN detection in the Clean Access agent, which solves the processor utilization problem.

Update March 27, 2008
You can package the above into an executable AppleScript. Look closely — the shell command actually executes AppleScript!

Category: Server |
Richard | December 21, 2007
3 comments

Simple electronic portfolio in Drupal

A beautiful Drupal moment — I’ve been meaning to create this for a while, an ultimately it took me less than an hour to tweak this as I wanted.

Employing my usual stepwise development process, I have just created a bare-bones electronic portfolio content type to serve as a prototype for testing with a small group of teachers. The content type includes the required title and body plus the optional link and attachment fields. This allows users to post a piece of work, introduction, or reflective statement, attach a piece of work such as a word document or image file, or link to a piece of work already posted somewhere else. In the future, I may add content type fields for Image, Audio, and Video, though it may be simpler for the user to link to them instead. I then created a view to show a user his/her portfolio items in a table view. The view only worked once I installed Content Access and allowed users to see portfolio content type items that they themselves had created. I should at some point make it easier for users to search Drupal for their own content using an autoselect field.

The electronic portfolio tool is designed to be versatile. You could use the text field either to include the body of a piece of work (such as a poem), an introduction to a piece, or a reflection on the work. The link and attachment options are especially valuable. You could attach a Word document or JPG image, or if the work is already posted somewhere, you could link to it (e.g., Gallery image). I can add any number of other text fields, including categories, and even image, audio, and video media fields if we want the portfolio to contain these items directly. Anyone here could use the tool: students to collect exemplary academic work, teachers to reflect on their professional practice or organize a self-evaluation.

I have asked a small number of interested teachers for their help to grow this tool to the point that it supports the electronic portfolio needs that they anticipate having in the future. As usual, my approach is to release a prototype, invite a few people to use it, develop the tool into a mature version, make it available to everyone, and then invite all to decide how much value it has and how much we should encourage other people to use it. I will seek conversations that allow me to learn more about their teaching objectives, needs from the tool, improvements that may be made, and examples of people experimenting with use of the tool.

At least one of the elements of this tool is borrowed from DrupalEd (thanks, Bill!). Why not use DrupalEd entirely instead of building out this site from scratch? First, I find it easier to build up from Drupal core than to tear down from a rich, unique distribution. I am starting in the place where all knowledge about how this system works is widely shared and then only adding and configuring modules and objects in a way that any user would. Second, DrupalEd supports user, group, and community-wide content. In our school, Moodle supports group content, Drupal supports community content, and the portfolio piece is the first part that is individual. We operate on slightly different assumptions of needs than a school starting from scratch and seeking a complete content management system.

screenshot

Category: Programming |
Richard | December 21, 2007
No comments

Drupal heading for a growth spurt

Drupal’s founder and lead, Dries Buytaert, has formed a company to provide Drupal services and raised $7m for the effort! In addition to the usual consulting and support services, he plans to develop pay versions of Drupal. Read his announcement and Acquia FAQ for more information. On the one hand, this makes me nervous. Dries’ hopes for Acquia to become the “next Red Hat” is not necessarily great for those of us who anticipate using the free version indefinitely. On the other hand, it may be wonderful to see Drupal develop into a more robust, mature system with greater adoption and known legitimacy. We could definitely ride that wave.

Also of interest: Buytaert’s site of Drupal sites — some big names here.

Category: Software/web |
Richard | December 18, 2007
2 comments

Google’ rapid software development successes

This past Sunday’s New York Times included an article about the looming confrontation between Google and Microsoft. The section of the article that described Google’s software development method caught my eye.

    New features and improvements are made and tested on Google’s computers and constantly sprinkled into the services users tap into online. In the last two months alone, eight new features or improvements have been added to Google’s e-mail system, Gmail, including a tweak to improve the processing speed and code to simplify the handling of e-mail on mobile phones. A similar number of enhancements have been made in the last two months to Google’s online spreadsheet, word processing and presentation software.
    source

The rapid development software model is not new, but Google has implemented it to perfection. I would like to think that we have adopted some aspects of this model at school. Sometimes, we quickly develop a custom web script, install an open-source application, or adopt a new IT policy after a short conversation and see how well it plays in the field. At other times, we adopt a more conventional approach, quietly developing and testing an idea until it is fully mature before throwing it out to the community.

To some extent, the choice of which strategy to employ depends on the centrality of the system. When rolling out a new wireless security scheme or file server, much testing and gathering of feedback is required. When creating a new opportunity for teachers to post video on the web, one may proceed with abandon. Even Google appears to modify its core applications only to introduce new features in a test environment. Recently, Facebook took a big hit from failing to anticipate how users would react to yet another big feature change that impinged on their privacy.

We can stand to remember that the best feedback on an innovation is gained from everyday users giving it a try. Get user feedback early rather than working in isolation for long periods of time. Maybe we can benefit from more often adopting such a “perpetual beta” model.

Category: Social studies |
Richard | December 18, 2007
One comment

Innovation and Cost Control

We’re planning to take a look at Blackberries and cellphones on campus soon … not for students, but for staff! We feel caught in a typical bind, in which the desires for innovation and cost control are in conflict with each other. My favorite innovations are cost effective (or even cost saving). For example, many of the web technologies we have introduced cost far less to adopt and support than their commercial counterparts. What about Blackberries and cellphones? The advantages are obvious. Blackberries allow us to monitor email while away from the desk, receive meeting reminders, make appointments quickly, and be available by phone anytime. However, the costs add up quickly per individual per month, when you consider the phone, minute plans, BES license, and support time needed to care for the finicky devices. It’s difficult to estimate the value of intangibles when budget time comes around.

Other factors also affect these decisions. Tax laws require us to either not use the devices for personal calls or to track personal calls and then reimburse the school. Either approach seems impractical. One requires you to carry a second phone around for personal calls, and the second requires you to do a bunch of extra work to identify all of the personal calls in a bill each month. I would like to share the costs with the school, either by buying the phone and having the school pay for the plan or vice-versa. However, we don’t yet know whether this is a legitimate use of school funds.

We hope to find a solution that meets the tax requirements of a non-profit organization, allows us to take full advantage of new technologies, keeps costs under control for the sake of the school, and allows phone-toting staff members to make natural choices about the use of the phones for business and personal purposes. Stay tuned in the New Year to find out what we do.

Smart Boards are another example of an exciting innovation with a high price tag. We have already committed ourselves to install ceiling-mounted data projectors in as many classrooms as we can. We would love to include Smart Boards as a standard feature in every room, but at $1500 each and considering the patchy pattern of adoption among our teachers, standardization seems undesirable. Instead, we acquire a few Smart Boards for the most active users and leverage our financial resources elsewhere.

Category: Hardware |
Richard | December 18, 2007
No comments

Anthro — nice job with the tech support!

I had a completely atypical customer service experience when I called Anthro yesterday. A customer service rep picked up the phone on the second ring, consulted with Engineering while I was on hold, and then gave me a very helpful suggestion to my question. The whole experience took about five minutes and completely solved the issue. Two thoughts occured to me: first, that I had a great experience, and second, that I wish that more companies ascribed to this standard! It so happens that Anthro is local (Tualatin, OR). and now that I think about it, many of the local companies have terrific support departments. Perhaps there is something about the friendly culture of Portland that makes it a good place to host a customer service center.

Now for the actual issue. Our Anthro LTSC30 alternates charging one side of the cart at a time, but we only use one side of the cart. Rather than purchase a new cart, we wanted to make it possible to charge just the sixteen laptops as quickly as possible. The Anthro manual helped us understand that we could increase the timer interval length to 100 minutes, and tech support suggested that we could connect the second bank of power outlets directly to an external source if we wished. We didn’t adopt the latter suggested but instead connected all of the power supplies to the primary bank of outlets, increased the interval time to 100 minutes, and then instructed teachers to flip the external power switch to Off and then to Internal to reset the timer so that the laptops got a good 100 minutes of charge right away. We’ll keep an eye on how well this solution performs.

The following diagram shows the location of the power switch on the cart. The timer adjustment is a tiny dial located below and to the left of the timer, easily mistaken for a screw head.

laptop cart

Category: Hardware |
Richard | December 15, 2007
No comments

Social networks and responsible action

We recently discovered a Facebook profile impersonating a staff member on campus. We contacted Facebook, who immediately pulled the profile — the speed of their response was impressive. However, Facebook would not offer any help to identify the individual responsible, apparently an effort to protect the privacy of their users. Imagine the difficulty if they attempted to distinguish between legitimate and fraudulent requests for personal information about other users! At the same time, it’s easy to write sarcastically about Facebook’s intentions, given the liberty with which they share users’ personal information with Google and advertisers.

To find the person responsible, we decided to appeal to a feature of our school that we believe is strong — students taking responsibility for their actions — but it didn’t work. We wrote to a number of students connected to the fake profile, asking them to do the right thing and help the person who impersonated the staff member to come forward and explain himself. No one came forward. This could be for any number of reasons, but for the moment, I’m just disappointed that the school community did not live up to its ideals. Thankfully, I can point to a dozen examples of students acting with great responsibility and care. I just wish that it had happened this time, too.

Category: Social studies |
Richard | December 15, 2007
No comments

Pleasantly quick adoption

    Teacher 1: I believe your children know most of the words of their song materials; however, several asked for copies of the words. Please distribute these to your children in hard copy or by e-mail. I am all about saving paper.

    Teacher 2: The children are doing well on the language songs and are reminded every time we meet them to check Moodle for the French , Spanish, and Chinese songs and Drupal for the Japanese songs to practice at home.

This exchange was a pleasant surprise to read. Our intranet has only existed for a year, yet all four lower school language teachers, including a full range of technology profiency, are posting text, audio, and video online. They saw a great fit between the technology and their teaching and learning objectives and jumped all over it. Good work!

Category: Software/web |
Richard | December 13, 2007
No comments

Early Leopard experiences

I am thinking about the ability and timing of our users to move to Leopard. Here are some specific items to think about:

No more Printer Setup Utility. Use the new Preferences panel instead. Windows printing seems to have become more challenging, but we have improved our ability to script the addition of Windows printers.

Printing duplex and landscape don’t appear to work with Samba printers.

It has become a lot harder to find a network volume after you have connected to it — no more desktop icon, and now OS X connects all the way to the share instead of mounting the network share.

The default download location is now Home -> Downloads. This will throw a few people, though you can change it.

Category: Software/desktop |
Richard | December 5, 2007
11 comments

Add Samba printers in Leopard

Putting together a couple of other web resources, here is a step-by-step guide to adding Samba printers in Leopard. Our Windows print server is on a different subnet from many of our users, so the printers don’t show up automatically. This method also passes user credentials to the print server. Next step: to automate this process so that we can add multiple printers in one step.

1. Open System Preferences -> Print & Fax.

system preferences

2. Select to add a new printer.

add

3. The first time you do this, add the Advanced button to the add printer toolbar. Ctrl-click on the toolbar, select “Customize Toolbar…”, and then drag the Advanced button onto the toolbar.

toolbar

advanced

4. Select Advanced then specify the following printer settings.

Type: Windows

Device: Another Device

URL: smb://username:password@domain/printserver/printername, where username is your network username, password is your password, domain is your Windows domain, printserver is the name of your print server, and printername is the name of the printer share.

Name: the printer name

Location (optional): the physical location of the printer, e.g. “Vollum common space”

Print Using: Select a driver to use -> search for the correct model.

Select the Add button to save this printer. If prompted, select Duplexing. That should do it!

details

Update 1/8/2008: Thank you for the many positive comments to this post. It appears that print options such as duplex and landscape orientation are not working at our site. Does anyone know whether this is a known bug or something we may correct?

Update 3/7/2008: Looks like print options are fixed with Mac OS 10.5.2. Hooray!

Category: Software/desktop |
« Older Entries