Rambling Thoughts on Security and the IndieWeb

PLEASE NOTE: This post is, in expository terms, a mess. While I may edit and clean it up later, I am very much thinking out loud and typing ideas before I forget them.

The Heartbleed mess got me thinking about security again. It started with pondering a password manager, particularly whether to go with something third-party and web-based like LastPass or install KeePass locally. From there the scenario moved to “If I use KeePass, where to put the database, and what things to encrypt.”

I installed an S/MIME cert from Start for my primary email on this server. I did this of course just as the entire CA system was being called into question. How’s that for timing?  As I continued to poke and prod, I discovered that no iOS browser checks for certificate revocation.  Ouch.

So back to the web of trust I went.  First there was the question of how to protect a GPG keypair I might create.  I imagine two possibilities.

  1. Having a dedicated CPU (probably a Raspberry Pi) for security operations.
  2. When reading about something else, I came across a reference to Qubes, an OS designed to contain exploits by using appVMs and aggressive sandboxing.

The lead developer of Qubes, Joanna Rutkowska, wrote about her security setup. I found it an enlightening introduction to the behaviors necessary to improve security. I might try Qubes if I had a machine to dedicate to the endeavor.

Finally, my thoughts turned to various attempts at more secure and/or federated systems:

  • Pond - forward secret messaging
  • Trsst - microblogging/RSS feed reading that supports GPG – Now with Alpha Code that runs
  • MailPile - standalone MUA that supports Web of Trust
  • FreedomBox and ArkOS - implementations of personal plug servers for data storage and service provision

When I compare these to all the “Facebook/Twitter killers” that haven’t taken off yet (Diaspora, Friendica, Tent, Pump), I realize that the projects which seem to be moving forward target individual users rather than trying to focus on federated social networks. This lets adoption happen one user at a time.

I think the killer app for the federated social web is a single app that can aggregate all these protocols into one stream. Gwibber was headed that direction (I haven’t used it since it became Friends). Mike Caulfield argues that this aggregation happens in the notification panels of our smartphones and tablets. I suppose there is no particular reason the hybrid apps on our devices couldn’t point to local instances of federated services from our basement plug servers. I’ll have to ponder how that would work.

Thoughts on Mike Caulfield’s Vision of Storage Neutral Apps

Today Mike Caulfield proposed a different vision of cyberinfrastructure. It’s late enough that I may be missing something, but here’s what I think he’s saying.

At present you have two options for personal cyberinfrastructure –

1) Use big cloud providers (Google, Facebook, etc.). Pay in data mining and lock-in rather than money. Have little control over your presence.

2) Get your own domain (or a VPS if you are truly brave), pay some money and lots of what Ryan Brazell called the web version of “sweat equity”. Have as much control over your presence as your skill set allows, including content portability. This is essentially the premise from which Jim Groom et cie. are working with Domain of One’s Own at the University of Mary Washington.

Caulfield quotes Klint Finley to support the idea that most end users want data and software portability, but don’t care about the other control that being able to rewrite free software allows.  This leads Caulfield to a third way, which looks something like this:

You buy software, a VPS, and cloud storage, but not necessarily from the same provider. Everything is interoperable enough that you can change software, server provider, or storage provider easily.  All my payment is done via money, rather than sweat or data mining.

Caulfield’s idea addresses the most common criticism of the personal cyberinfrastructure movement, that nobody wants to mess with the inner workings of their website, not even in cPanel. I find it very discouraging that Mike may be right, especially as someone who works in higher ed.

James Burke pointed out more than thirty years ago in Connections that modern society allows us to go through our lives without knowing how much of anything really works. One of the things all education wrestles with is how much of the inner workings of various things (chemistry, music, economics, etc.) a broadly educated person “needs to know”.

We have in so many areas of life already given up knowledge and control so that a scenario like E.M. Forster’s “The Machine Stops” is now quite plausible. For much of its earliest history, the Internet pushed back; in the ’90s, building a web presence meant knowing HTML and maybe even having to brave the CLI. It was a place where you could learn to be hands-on, even as your cars and appliances became too complex to be fixed by non-experts. Now the pendulum seems to be swinging again. The success of Blogger, WordPress.com, and, yes, Facebook supports Mike’s contention that people want a less hands-on solution. However, I believe that the Internet is a fundamental “System of the World”, to paraphrase Newton, and that it is among the things of which an “educated person” should have some understanding.

I think this could be done by replacing the desktop applications class that constitutes many students’ formal learning about computers with a “technology and society” sort of course that could cover everything from the Internet and its issues to GMO food and personal fabrication/3D printing. Recent attempts at technology law and policy (remember SOPA/PIPA?) show us that those responsible for policy (including voters) desperately need a better understanding of how, at least conceptually, it all works. Domain of One’s Own tries to do that. I’m not sure Mike’s solution is up to that challenge, even though it’s quite a step forward from what most people use in terms of portability and privacy.

MOOCs, Completion and Credentials

I’m thinking about MOOCs again. This started when Coursera announced to participants in the “History and Future of (Mostly) Higher Education” MOOC led by Duke’s (soon to be CUNY’s) Cathy Davidson that almost 1500 of us had met the requirements of one of the two levels of completion certificates (Disclaimer: self included. Aside: I wonder when this will be available as an OBI compliant badge). When I asked how many participants there were (yes, I was wondering about completion rates), I was immediately reminded that completion wasn’t a good measure of learning (by the way, about 18000 signed up for the MOOC, which doesn’t say much about how many actively participated or how they did it). Then Stephen Downes, at halfanhour, compared MOOCs to newspapers and other media, pointing out that one doesn’t do every activity in a MOOC (especially a cMOOC) any more than one reads the entire newspaper from cover to cover.

I hope we have reached the point where we can acknowledge that learning happens without completion of a set curriculum as a prerequisite. Alas, the current structure of higher education is at least as much about signaling and sorting as it is about learning. John Warner argued recently in Inside Higher Ed that…

“…the demand isn’t for education, per se, it’s for what we believe education can provide: a secure, stable life. This narrative may not even be true, as Freddie DeBoer argues in a recent post, but we cling to it anyway because what choice do we have?” *

Given the growing focus on education as an economic lever, I’d argue that the demand is for something with the signaling function to potential employers that a degree has.  At least some of that signaling function works because colleges and universities assert that someone who has a degree has at least done certain coursework and hopefully acquired certain knowledge and skills in the process.  Whatever a MOOC non-completer learns, there’s nobody making that sort of assertion.  It’s largely because of those assertions that governments, employers, families and individuals are willing to pay for education, both directly and indirectly.

In an imagined world where a large proportion of adult learning occurs through environments like MOOCs where learners are free to pick and choose what they do, how do we back up assertions of knowledge and skills so the process is one society is willing to invest in?  My best guess would be some combination of open badges and e-portfolios.  What do you think?

Rhizo14 Weeks 5 and 6 : Community as Curriculum and Where We Go from Here

I’m a bit behind schedule in #rhizo14, so I’ll tackle a couple of topics at once.

When I saw Dave’s Week 5 video, I was immediately reminded of George Siemens and the 2008 version of Connectivism and Connected Knowledge. George, in 2008, wrote about how it was the connections to other people that were truly important to learning. Later it was even suggested that content was a McGuffin, there to bring people together more than as something inherently important.

This brings me back to something I may well have discussed before. The massive courses I’ve participated in that have worked well share an important characteristic. Most of the people in them are already somewhat versed in the topic. In that respect, they are more like upper-level seminars than introductory survey courses. Learners know enough to, at least to some extent, design their own learning path, and their peers know enough to be helpful when questions are asked. There are probably some examples of rhizomatic “seeding” in introductory courses, but they seem to be rare.

As to where to go from here, I think you may well end up with something that looks like one of the many special interest Internet forums, where a community coalesces around a subject and learns from each other.

Rhizo14 week 4 – Questioning Books and Stupidity

My first thought when I heard Dave’s question, “Is books making us stupid?”, was that that construction (‘singular’ verb with non-pronoun plural subject) is used in Celtic languages like Welsh and Cornish.  In labeling things right or wrong, perspective matters.

Many years ago, when I took Intro to Broadcasting, I remember the professor, whose given names were Herbert Hoover, to give you a sense of his perspective, telling us that broadcast journalists were the beneficiaries of “status conferral function”, the belief among the masses that anyone who managed to get on TV in those days of three networks and PBS knew what they were talking about. Dave suggests that books have some of the same presumption of authority as broadcasters did. Perhaps this is related to the fact that for the first several decades of western printing, the only printed book most people saw was a Bible. If you wanted to make a conscious/subconscious link between print and authority in the early modern era, you could hardly pick a better title.

Before we’re too harsh on books, we should consider the alternative, oral transmission. Technological optimists are quick to point out that there is now digitization, but as this graph from Yale’s Paul Conway points out, density of data storage and media lifespan don’t necessarily go together.

Media Density and Lifespan from Conway, Paul “Preservation in the Digital World”

Oral transmission has some notable successes. Beowulf, the Iliad and many other epics, along with huge folk song repertoires, were transmitted orally for centuries before being put into writing. There are also some notable failures. Languages like Cornish and Wampanoag are now being reconstructed from text sources because at some point oral transmission failed. We have the Epic of Gilgamesh, not because of thousands of years of oral transmission, but because it was preserved on clay tablets.

Even books that were once authoritative and are no longer so are useful.  My Bib and Methods professor in graduate school pointed out that old books like “out of date” encyclopedias can show us what was considered conventional wisdom in the past, and help us understand how knowledge and beliefs have changed.

Although many have predicted that the Internet will bring the end of the printed book, I wonder if it might help us gain a more balanced view of text.  The Internet age, when anyone can publish anything, is forcing us to be more skeptical of text in general. To the extent that that skepticism and need to verify things ourselves extends to texts printed on paper, we may start to escape the real problem with books, which is that they tend to make us unquestioning. Thus, whether the answer to Dave’s question is yes or no depends on whether you take being unquestioning as prima facie evidence of stupidity, although I imagine that wouldn’t have been nearly as catchy a title.


#FutureEd Peer Assessment 1 – Unlearning What it Means to be Learned

I’m not sure if it was reading encyclopedias for fun, or treating Jeopardy as appointment television each afternoon, or the years on the school quiz bowl team, but as a teenager I was quite certain that you could identify an intelligent and educated person when you saw them because they knew a lot of stuff. I also knew that factual accuracy was hugely important.  I just couldn’t understand why, one day when I patiently corrected an acquaintance that every big, fancy church was not a cathedral and that you had to have a bishop in residence, he promptly told me off.

It was in college that I started to unlearn the proposition that factual knowledge = intelligence and education. I noticed that the adjuncts with Master’s Degrees, not the tenured Ph.D.’s, were the instructors that had the best rapport with students and seemed to inspire the most learning. But surely all those Ph.D.’s knew more, didn’t they? If being learned didn’t mean knowing stuff, what did that mean for me? For a very long time, being the person who knew lots of stuff had been a huge part of my identity. I took being called a walking reference book as a compliment. I won at Trivial Pursuit against a room full of Mensans. Then came the absolute tipping point … Google. The game was up. With a search query, anybody could know stuff on demand with no expensive book habit required.

I still remember a moment when I started to understand what the alternative was. I was in a music methods class and the professor was discussing the folk ballad “The Twa Sisters”. I mentioned how it was like _________ (I can’t remember what, but whatever it was was non-musical). After class she stopped me and told me it was an intelligent comment, because it had made a connection between two not obviously related things. Maybe being educated was about being able to put facts and ideas together, like puzzle pieces. (Please note that I still can’t stand jigsaw puzzles. They don’t lend themselves to brute-force analysis.)

This realization has, slowly but surely, changed how I teach.  In my first few years, I still clung to “objective” tests because I lacked the confidence and energy to defend a “subjective” grade on a writing sample.  I have slowly but surely moved the other direction, and have now reached the point where the graded multiple choice exam has disappeared from my course design. That unlearning also helped push me towards things like #FutureEd.  Most of our educational habits teach students something (explicit memorized knowledge) that is much less important than it used to be.  The questions I am left with are, “What learning tools help to create what I now understand a learned person to be in the same way a pile of encyclopedias and a Jeopardy habit helped create the knowledge-filled person I thought  a learned person was?”  “How do we make those tools as available to the world as Google is?”

Rhizo14 Week 3: Uncertainty and Goals

This week, Dave asks “How do we keep people encouraged about learning if there is no finite, achievable goal?”  This is a fascinating question, which Dave has already answered. :)  The last step of Dave’s plan for success in a MOOC is “focus”, the point at which you decide what your goal is for the course.  There’s always a goal, it’s just a matter of where that goal comes from.

This doesn’t just happen in formal learning environments. When most people learn to drive they have the goal of being able to get a driving license. A smaller group have the more ambitious goal of getting a CDL so they can be a chauffeur or a trucker. Very few have the goal to make it to NASCAR or Formula 1. The learner always decides what their goal is. They may or may not make that learning goal explicit. Only when an external credential is sought does the adult learner cede some of that control. In order to earn a driving license, one must learn the traffic laws/highway code/etc. well enough to pass the written test.

This brings me back to a point I made in week 1.  Learning is very open, free, and flexible.  Most of the issues of power, dependence, and the like arise when learning is joined at the hip to credential seeking.  Ergo most of these issues are less about learning per se and more about learning’s role in the credential seeking process. Alas this is probably inevitable.  I imagine the number of people willing to pay to learn would be much smaller if there were not a promise of economic benefit.

What Education Should Be

Among the questions of the week in “The History and Future of Higher Education”  (Cathy Davidson’s MOOC at Coursera) is “What kind of education do you believe in?”  There are so many ways to answer that question that it quickly becomes daunting.  Nevertheless, I’ll start with the most controversial thought first and go from there, but before I get started, let me explain why this post isn’t in the Coursera forums.  One of the items in A Bill of Rights and Principles for Learning in the Digital Age is “The right to own one’s personal data and intellectual property.” I’m asserting that right by not putting my discussion posts in the forum at Coursera.  Instead they will be here on my blog that I administer.  If Dr.  Davidson and her colleagues were more serious about this right, they’d consider setting up an RSS aggregator as DS106 has done.

1. Education should care less about sorting. The process of dividing the A’s from the B’s from the C’s, while it may be nice for HR departments sorting through candidates, doesn’t seem to me to help people learn. I believe in education that puts learning first, assessment second (has the learner met the objectives) and sorting last. If I could snap my fingers and change one thing, all education would be pass/fail. I think this would also help build community, because you’d never be trying to get a higher grade than the person next to you.

2. Education should value process over content (most of the time). You can’t hold a conversation in a language if you have to look up every word, and I don’t want the paramedic taking several minutes to look up things while I’m in a medical emergency, but in many other cases, we don’t need as much instant recall as we once did. Unfortunately, far too many educational experiences are still designed as if we do. Oddly enough, this is something the oft-criticized “menu” of general education curricula understands. One can learn a scientific way of thinking from studying biology or chemistry or physics, for example. Keith Devlin from Stanford recently wrote this about MOOCs:

What MOOCs and other forms of online education have already been shown to be capable of – and it is huge – is provide lifelong educational upgrades at very low cost.


But based on what I and many of my fellow MOOC pioneers have so far discovered – or at least have started to strongly suspect – the initial “firmware” required to facilitate those continual “software” upgrades is not going to get any cheaper. Because the firmware installation is labor intensive and hence not scalable – indeed, for continuously-learning-intensive Twenty-First Century life, not effectively scalable beyond 25-student class-size limits.

I like his notion that one of the primary purposes of traditional higher education is to engender the habits that allow a person to learn from a MOOC environment.

3. Education should be learner-directed. Ideally, learners should be able to pick projects from within broad areas that match their interests and passions. They’ll stick with them not because of grit but because they care about what they are doing. Some of my thinking on this issue is informed by my parallel participation in Dave Cormier’s Rhizomatic Learning Course hubbed at P2PU. It’s probably because of spending a couple of weeks in the #rhizo14 cohort that my first impression of #FutureEd was how restrictive it felt by comparison. One could argue that #rhizo14 is more of a curated discussion than a course, to be fair.

I wrestle with the suggestions I’ve just made because I recognize the value of some things I’ve learned that I didn’t want to learn at the time.  For example, an “Intro to Literary Theory” graduate seminar, by making me read Freud and Derrida, helped me realize how much the reader matters to the experience of reading and understanding a text.  I’m not sure how to balance the benefits of exposing learners to ideas they didn’t know about and the benefits of learner agency.

A New Date Format or “Where did those zeros come from?”

For some time I have been a fan of the Long Now Foundation, a group dedicated to the encouragement of long term thinking. This may owe at least a bit to the fact that Neal Stephenson’s Anathem, one of my favorite novels, was inspired by Long Now’s 10000 year clock project.

One of the more idiosyncratic things they do at Long Now is using five-digit dates. They hope that seeing that leading zero will help people think of a future when the first digit of years is some other numeral. As a small virtual shout-out, I’ve tweaked my WordPress template to use five-digit dates. I will acknowledge that it may not fit well visually with the runes and Old English title of my blog, however.

Rhizo14 Week 2: Independence and Learner Motivation

This week, Dave has challenged us to create a model of enforced independence. Isn’t this at least a bit oxymoronic? If you have to enforce independence, is the learner truly independent, or is she dependent on you for her (forced) independence?

My other thought stems from a comment Dave made in the week 2 video in which he presented learning to drive or cook as models of the kind of learner independence we are seeking.  Another thing that sets these apart is motivation. If one is not wealthy enough to eat out all the time, cooking is a necessary skill if one wishes to eat.  In many (but not all) places driving is a necessary skill for those wishing to participate in modern society by holding down a job or having a social life.  Necessity does a wonderful job of enforcing learner independence.  Learners are also quite good in many cases at being independent when they are learning what they want to learn.

What if neither of those is the case?  Can you effectively enforce learner independence absent strong internal motivation on the learner’s part?  These questions present themselves in more formal contexts.  For too many students, courses outside their major are hoops to be jumped through.  When the learner goal is to survive/pass with minimal effort, the sorts of behaviors characteristic of independent learning (iteration, seeking out sources)  are perceived as a waste of time.  If you then expect them to be independent and enforce consequences on those who aren’t, you get called in to explain why your students aren’t succeeding.

I suppose the broader question is, “Can a rhizomatic model work with students for whom the learning experience is just a requirement?”