Archive for December 3, 2009

Network Access Control

Our IT team has been meeting regularly to determine new infrastructure projects for the year. The list includes network access control and wireless access controller systems. Our discussions reveal a common theme: how many of the components of an enterprise computer network should we acquire and maintain, considering their benefits and costs?

Network access control is currently up for consideration. Three years ago, we installed our first network access control system to bring the following benefits to our school.

Limit the campus network to known computers and users
If computers not known to the IT department get on the LAN, they may be infected with viruses or running a spambot or other malicious software. Network access control software ensures that only computers that IT manages can get on the network. It does this through different methods, including client login and MAC address filtering.

Offer guests an open wireless network for Internet access
If we limit the campus LAN to known users, then we should provide an open network for parents, vendors, guests, and users’ personal wireless devices so that they may still get online. The guest network presents a welcome page (captive portal) to the user that includes terms and conditions. The guest network only provides Internet access, protecting the school’s file server, print server, and other network resources. Guests may still access the school’s websites.

Track network activity by user
Increasingly, division heads have asked us to identify one student who has bullied another student through the campus network. If users are required to log in to access the campus network, then it becomes easier to trace network activity to a specific user. We have also implemented DHCP reservations so that the IP address on record is a reliable indicator of what computer was used for each network activity. This works well for a computer with only one user and less well in shared facilities. Since client login lasts an entire day (to avoid bugging users with multiple daily login requests), users of shared computers are not required to log in often enough to positively identify each user.
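The attribution chain described above (IP address to reserved computer to logged-in user) can be sketched as follows. This is an added example, not the school's or Cisco's code; the IP addresses, hostnames, usernames, and the 24-hour session length are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample data (assumptions, not from the school's network).
# DHCP reservations: IP -> (hostname, is_shared_computer)
RESERVATIONS = {
    "10.1.20.15": ("teacher-laptop-07", False),
    "10.1.30.41": ("cart-b-macbook-12", True),   # shared cart machine
}
# NAC client logins: (login time, hostname, username)
LOGINS = [
    ("2009-12-03 07:55", "teacher-laptop-07", "asmith"),
    ("2009-12-03 08:10", "cart-b-macbook-12", "student1"),
]
SESSION_LENGTH = timedelta(hours=24)  # assumed: a client login lasts a day


def _ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M")


def attribute(ip, when):
    """Return (hostname, username, confidence) for activity seen from ip."""
    if ip not in RESERVATIONS:
        # No reservation: the address cannot be tied to a managed computer.
        return (None, None, "unknown-device")
    host, shared = RESERVATIONS[ip]
    t = _ts(when)
    # Logins on this host whose day-long session covers the activity time.
    active = [
        (_ts(ts), user)
        for ts, h, user in LOGINS
        if h == host and _ts(ts) <= t < _ts(ts) + SESSION_LENGTH
    ]
    if not active:
        return (host, None, "no-active-login")
    _, user = max(active)  # most recent login wins
    # On a shared computer the login only shows who authenticated that day,
    # not who was at the keyboard when the activity happened.
    return (host, user, "device-only" if shared else "user")


if __name__ == "__main__":
    for ip, when in [("10.1.20.15", "2009-12-03 13:30"),
                     ("10.1.30.41", "2009-12-03 14:00"),
                     ("10.9.9.9", "2009-12-03 14:00")]:
        print(ip, when, attribute(ip, when))
```

A "device-only" result is the shared-cart case from the paragraph: the record narrows the activity to one computer, and identifying the person needs another source such as a class sign-out sheet.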

Check computers for minimum system requirements
Even computers that we manage may become infected or compromised over the course of the year. We would ideally like to keep such computers off the network in order to protect the school’s systems and to stop an infected computer from spamming the world. One method is to block computers that do not meet minimum system requirements and then provide the user with links to the necessary software updates.

Current status
We currently run a Cisco Clean Access system to provide network access control and a public wireless network. We also gained the ability to track network activity by user, except for shared computer carts and labs. Despite lots of consultant help, we had great difficulty setting it up properly to perform these two functions. On account of the effort it took to get this far, we never did implement requirements checking beyond a small test group. Now, we are required to either upgrade to a new server software version (at great expense) or move to a different system.

Requiring users to log into client software to access the wireless network has been pretty intrusive. Ideally, this would be integrated with operating system login, but we hear that this is difficult to configure in our current NAC system with Windows and not possible for our Macs. Our users do not much like the additional login window that pops up, especially when it misbehaves, and they cannot access the wireless network.

Lower-cost options
Could RADIUS meet our needs? It’s a bit more do-it-yourself than buying a NAC product, it probably would not require user login, and it would not check systems for minimum system requirements. However, it would limit the network to known computers, which would take us part of the way toward our goal.

Setting our target appropriately
How much network sophistication can a school like ours afford to purchase and maintain? In a recent survey we conducted, only one of 26 peer schools was running NAC client software to check computers for minimum system requirements. The cost and effort required may not be worth the promise of reduced workstation maintenance and a safer network. We may have discovered that enterprise-level network access control is really

We will continue our investigation of different combinations of systems that could meet our needs and stay within budget.

Maru-a-Pula Website To Drupal

Just two months ago, I wrote how I was still using Website Baker successfully for two sites. Well, it’s down to one now! I have migrated the Maru-a-Pula website from Website Baker to Drupal. Maru-a-Pula is an amazing school in Botswana that I have worked from the U.S. to assist since teaching there from 1994-96.

Nothing went wrong with Website Baker. The school had just outgrown the basic CMS for its needs. The principal had started to write a news column, and while Website Baker does support news, the Drupal module is much easier to use. We now have several new features the school or I had wanted: RSS feeds sitewide, a blog for any author, actual calendar functionality, and all sorts of future possibilities using modules from the Drupal community.

For the sake of a smooth user transition, I built a new Drupal theme (sub-theme of Zen) to copy almost exactly the old Website Baker theme. The two sites look nearly identical. I have to re-theme the Search form. I have done enough theme work in the last year that I felt very comfortable manipulating template and CSS files to create the desired look.

The site is designed so that local tech staff in Botswana may take over as much administration as they wish. The site has no custom module code whatsoever, and all dynamic content is presented through content types, views and blocks (e.g., main home page photo and three feature columns).

[Screenshot: new site]

[Screenshot: old site]

Contributed Modules
Calendar
CCK
Date
FCKeditor
Filefield
Imagefield
Link
Menu breadcrumb
Pathauto
Simplemenu
Site map
Token
Views

Facebook privacy changes in schools

This week, I sent my first “Facebook warning” to employees, students, and parents. Here’s the teacher version.

Dear Colleagues,

Facebook has implemented new privacy settings that make it much easier to broadly share your personal information. If you accept Facebook’s recommended privacy settings, Facebook will make your status updates, links, photos, videos, and notes available to the entire Internet (think Google). I recommend that you instead manually adjust your settings. Select Settings -> Privacy Settings from the blue menu bar and review the options in there.

In addition, Facebook will now share your friend list both on the Internet and with third-party Facebook applications. You do not have control over that.

This article explains the change in greater detail.

I encourage you to raise this topic with your students. Let me know if you have further questions.

Richard

Facebook has made significant changes to their privacy policy before. Why did I react strongly to this particular one? So many students, a lot of parents, and a number of teachers use Facebook regularly. Privacy is an important concern for all of these groups but particularly for students. The new features directly affect user privacy, and Facebook’s recommended settings reduce user privacy. In the past year, we have gained a more detailed understanding of Facebook use in our school community. We felt it appropriate to help our users keep up with the moving target of Facebook privacy settings.

By finely managing one’s privacy and post settings, it’s now possible to maintain a fine degree of control over one’s posts. However, that control may be illusory, as Facebook seems happy to change the rules on their platform pretty regularly. Who knows where and when they will head next.

Elders Are …

Second grade teacher Herb shared the following video with guests at grandparents and special friends day. First and second grade students completed an activity in which they drew, wrote, and spoke their thoughts about the elders in their lives.

I’m impressed with the ease that these students demonstrate in front of the microphone. Recording audio may in fact be less distracting than video. You get to observe student work while listening to an oral expression — two forms of work at the same time. It’s also fascinating to see the huge range of student responses to the prompt “elders are …”

I’m sure that Herb put many hours into the creation of this video. One day, I’ll find out how many.

We are pleased to share this video on our website, especially for the grandparents and special friends who were not able to attend.

Lightweight electronic portfolio

Fundamentally, an electronic portfolio allows students to publish their exemplary work, reflect on their learning, and invite comment. Some schools (1, 2) roll out full-blown electronic portfolio software that can access files from their learning management system. This may be a great approach if a school has adopted electronic portfolios as a major initiative for the year.

In our school, we have not yet explored the topic of whether we should all move to electronic portfolios. We have paper, in-person based portfolio exhibitions in third through eighth grades, but the high school does not, and faculty meeting time is fully consumed with other discussions about teaching and learning. At the same time, we have groups of students and teachers who want to publish exemplary work either to the Catlin Gabel community, project mentors from outside the school, or college admission offices.

In response to this level of interest, I decided to provide a very lightweight electronic portfolio tool. I used an existing feature in our Drupal website (rather than a new tool) to allow students and teachers to publish exemplary work in multiple media forms, reflect on their learning, and invite comment. Students simply create a blog post but then mark the item for inclusion in their portfolio. They can also make the item publicly viewable if they choose. The “portfolio” home page is really just the student’s blog, filtered by one or both of these flags. The way Drupal works, if a user is not logged in, they only see the items marked public.

[Image: blog checkboxes]

So far, art seminar students have created public portfolios of their work, principally for the college admission process. Here is a portion of one. In May, all seniors will blog about their individual senior projects. Some may choose to make these posts public for their on-site mentor and others to see.

[Image: portfolio example]

Techies out there may find the following Drupal module code useful.

function cgs_blog_form_alter(&$form, $form_state, $form_id) {
  if (isset($form['#node']) && ($form['#node']->type == 'blog')) { // apply only to "create blog entry" form

    // add a submit function
    $form['#submit'][] = 'cgs_blog_form_submit';

  }
}

function cgs_blog_form_submit($form, &$form_state) {

  // load content access functions
  require_once(drupal_get_path('module', 'content_access') .'/content_access.rules.inc');

  // load node object
  $node = node_load($form_state['values']['nid']);

  // set anonymous user grant array
  $settings['view'][0] = 1;

  // change node access permissions for this node
  if ($form_state['values']['field_blog_public'][0]['value'] == 'Make this post public') {
    // add view grant for anonymous users to this node
    content_access_action_grant_node_permissions($node, $settings);
  } else {
    // remove view grant for anonymous users to this node
    content_access_action_revoke_node_permissions($node, $settings);
  }

}

Google Analytics and page trends

The new Google Analytics “Intelligence” feature looks pretty useful, but Analytics is still missing the feature I want the most. I would like to be able to see at a glance the biggest gains and losses among individual page views or categories of pages. Right now, it’s very difficult to set up a date comparison of item page views and browse looking for the pages that have experienced the greatest increases and greatest losses. I can’t be the only person who would like to see this feature!