Data Privacy Month (with a painful story about the students-l list)

Today is Data Privacy Day. See http://www.staysafeonline.org/data-privacy-day/

To celebrate, here is a true story culled from the vaults of HMC server administrator lore. Read it, weep… and then change your passwords.

Once upon a time there was a moderator of the students-l list. She was diligent and hard-working, devoted to the task of saving other students time by only approving messages that she judged to be of interest to students, and collecting together announcements about events at the other Colleges so they could all be included in one message. She worked on this most days, using the students-l list software.

The students-l list system is very old and resides on a Linux machine called Odin. The list system is so old that it may have been created when “GUI” was only a railway code for a station on the Glossop Line and graphical user interfaces were figments of fevered imaginations at Xerox PARC.

Now one day our diligent moderator (let’s call her Agnes) logged in to the system and noticed it was really slow, slower than usual.  At first, Agnes thought that maybe the list system was on the blink or even that Odin was finally giving up the ghost.  She couldn’t moderate messages or send anything out to students-l. Agnes quickly reported it to the CIS Help Desk.

The server admins were soon busy examining Odin as it lay there on its sheets of Irish linen. Little did they know that they were entering their very own long dark teatime of the soul, not working on high priority HMC projects, but just trying to figure out what was going on.

Bit by bit (was that pun intended?), they discovered that Odin was sending out tons of spam and then getting back tons of bounce messages.  So many that poor Odin was choking, unable to give any attention to Agnes’ plaintive login requests. Even worse, Odin was failing to recognize Agnes’ user name and trying to send error messages about that.

“But why?” said the server admins, pulling at their hair (long dark teatimes can have that effect).  “Why Odin?  Why now?  Why spam?  …Why us?”.

Now you just have to sit there and imagine time passing. Slowly.  No students-l messages are getting through.  Spam is spewing.  The server admins are ignoring other things. “Educational Technology?…no time for that”.   Are you imagining that?

OK. In the end, they figured it out.  Another user account on Odin  had been hacked and the hackers were using it to send their spam. And how did they hack it?  You guessed it. A weak password on the user account….  Sigh. Once they figured that out, the server admins had to spend several hours cleaning up the mess and then let Agnes know she was back up and moderating.  Lots of time lost and all because of a weak password.

Data Privacy Day. It’s everyone’s responsibility to ensure data privacy. And it can start with a better password. For tips on creating a better one, maybe even creating one that meets HMC requirements, take a quick look at the HMC Password Policy.

Held annually on January 28, Data Privacy Day encourages everyone to make protecting privacy and data a greater priority. DPD is an international effort to empower and educate people to protect their privacy and control their digital footprint. It kicks off Data Privacy Month (http://www.educause.edu/focus-areas-and-initiatives/policy-and-security/educause-policy/community-engagement/data-privacy-month).

Thanks for reading. Now go forth and change your passwords.

March 2013 update from the CIO

This is the March 2013 update from the CIO.shamrock

Computing Committee Survey.
In late November, I asked the Computing Committee to discuss how they thought CIS is doing, while I was out of the room. The committee decided to run a quick three question survey and got a large faculty response. The short version: CIS has made many improvements (we got a B- grade at Harvey Mudd College!), but there is still work to be done. For more about the survey and a link to the discussion of the results read Faculty Computing Survey Results.

ITIF
In January the Board of Trustees approved policies creating a new Information Technology Infrastructure Fund (ITIF). This is an important development because it will allow us to plan more consistently for improvements and renovation work on the campus network. We are currently creating an “inventory of need” which we will use to prioritize infrastructure projects over the next five years. We will be designing the network architecture to address security, reliability and speed of the campus network.

SIGMAnet wired network report.
As I reported in the Fall, we contracted with a local company, SIGMAnet to conduct a review of our wired network. The report came in on January 10 and I updated the PPCPC Trustee Committee later that month.

The network assessment highlighted several key hardware and configuration risks. Twelve major concerns were listed that can be broken down as follows:

  • End of life and end of support equipment in use. This equipment presents risks on two fronts, security and potential down time due to equipment failure.
  • Security risks in network switch access methods and quality of switch passwords.
  • Design gaps such as lack of redundancy in connections between network switches.
  • Software configuration inconsistencies.

The report goes into detail and will be invaluable in the development of our comprehensive plan, which will address all of the issues. If you are interested in reading the report or contributing to the planning effort, please get in touch.

Core Switch upgrade.
One of our first ITIF projects! Early in the morning of Saturday, March 16 we will be upgrading the HMC network core. The network core is responsible for aggregating all of our campus network connections and linking us to the wider intercollegiate network and the internet. It has to be fast, powerful and reliable. CIS staff will be working in partnership with engineers from SIGMAnet to replace our aging core. The end result will be aprodcut_bulletin_c25-688075-1 much improved arrangement, with a pair of Cisco Nexus 7000 switches at the core. In the near future, we will move one of the pair out of the A-room in Parsons to either Platt or the TLB. This will give us both redundancy (“more than one”) and diversity (“not in the same place”) at the network core. There will be some network downtime associated with the work on Saturday morning, but the end result will be worth it.

Thuban retirement.
As well as rolling out new things, it is important for CIS to manage the retirement of services, to make sure we are making the most of our limited resources.  Thuban, a VMS system, is a case in point.  Most infrastructure services (such as DNS and DHCP) have been moved off of Thuban. Fewer than 20 people are still using the email system on Thuban and we are actively moving their accounts to either Google Apps for Education or Office365.  A number of faculty still have static html sites on www2, which is hosted on Thuban.  We are exploring options for moving them.  One of my favorites is to host them on Google drive. (did you know you could do that?).

TLB updates.
The TLB is 120 days away! I’m sure, if you’re on campus, you can’t help but notice the speed at which things seem to be happening. Weekly telecommunication meetings began this week  They are starting to pull cable for the network and electrical systems; wireless access points (86 of them, compared to 134 on the rest of campus) and network equipment have arrived and will soon be installed. The Audiovisual plans are in place. Much of the furniture has been chosen. The cafe is taking shape…They will be starting to prime and paint the basement this week.  It’s real!

Canvas pilot.
In the Fall, a group of Computer Science faculty presented a Bite of Learning on their use of Piazza for class discussions. Elizabeth Hodas and I were discussing afterward how we needed to keep up with developments in the learning management system (LMS) world.  Sakai is the LMS currently used by the Claremont Colleges but there are some interesting new ones, like Canvas.Canvas It is not like Sakai is going away anytime soon, but we do want to understand our options. So we decided to ask the same group of faculty if they’d be interested in running a small pilot of Canvas. Ran Liebeskind Hadas took up the idea and is currently teaching CS 140/Math 168 using Canvas.  We’re looking forward to hearing about this at a Bite of Learning session on April 17.

Other articles on the IT News site.
There are a few other articles on the IT News site that you might find interesting. Cindy Abercrombie provided an update on student printing. Elizabeth Hodas wrote about a variety of audiovisual improvements we will make over Spring Break in big Beckman and Hoch-Shanahan, complete with a photo of the instructor station, which is the same as the ones chosen for the TLB.   And we have an update on the Portal Advisory Group.

So, while you faculty and students are away, the CIS mice won’t be at play.  Have a great Spring Break!

 

Update on Portal Advisory Group

Screenshot from 2013-03-14 17:30:10I’ve written about the Portal Advisory Group before.  Affectionately known as PAG, it’s a group that will assist us with setting priorities for the Portal, starting from the premise that the portal is a tool which we know HMC has not used to its full capacity. The group will guide CIS and the College in improving and expanding use of the portal.

The following people have all agreed to participate and I am grateful to them.

Mark Ashley (Registrar, Chair)
Lauren Kim (Assoc Registrar)
Susan Selhorst (CIS)
Cindy Abercrombie (CIS)
Paul Steinberg (HSA)
Vatche Sahakian (Physics)
Tim Hussey (OCA Communications)
Jennifer Greene (OCA Communications)
Guy Gerbick (DOS)
Scott Martin (BAO)

We are also seeking one or two students to help with this initiative.

The first meeting is being scheduled for just after Spring break.

I look forward to good outcomes!

Faculty Computing Survey Results

survey-300x224In late Fall 2012 the computing committee ran a survey of faculty, asking three questions about information technology at HMC.

About 50 faculty responded to the questions, and almost everyone wrote a few lines of comments in response to each question – in addition to giving scores.

Question 1: How satisfied are you with the current teaching services provided by the CIS (e.g. Sakai, portal, classroom support, labs, etc…)?

- Average letter grade: B- (2.57/4.00, 54 respondents)

Question 2: How satisfied are you with the other services offered by the CIS (email, research related services, laptop/desktop support, etc)?

- Average letter grade: B- (2.69/4.00, 55 respondents)

Question 3: How satisfied are you with the current computing services offered by your own department (e.g. email, website, lab, course support, etc)?

- Average letter grade: C+ (2.35/4.00, 49 respondents)

The spread of each score was roughly 0.50/4.00, with a bigger spread for the third question.

The committee summarized by saying that things have improved and are going in the right direction, but that there is still work to be done.

The computing committee members this year are:

Vatche Sahakian (Chair)
Alfonso Castro
Weiqing Gu
Jacob Bandes-Storch ’14
Joseph Vaughan

The committee made four recommendations of its own and added more recommendations coming from the Faculty Executive Committee. You can read the full report, with my responses to each recommendation at the following URL (HMC Credentials required to access the document):
http://goo.gl/oqxiF

Data Management Plans

Many faculty are already aware of the fact that the NSF and other funding agencies are now requiring that grant applications include a “data management plan”.  Last Spring, Jeho Park, our Scientific Computing Specialist wrote a report on data management plans, which is at http://goo.gl/XXdf8 (requires HMC credentials).

Jeho has also recently told me about the California Digital Library’s DMP Tool, which takes you step by step through the process of developing a data management plan.  It is at this link: https://dmp.cdlib.org/.  You can create an account at https://dmp.cdlib.org/institutional_login (choose “none of the above” under “select your institution”).  Once you create your account and log in, the tool is pretty self-explanatory.

Several faculty that have tried it have reported to me that the found it useful.

If you are writing up a data management plan, I urge you to contact me.  We can help with the specifics of how CIS systems are backed up and provide feedback on the plan.

 

Portal Advisory Group

I have been discussing the portal with a number of people around campus over the last few months. Improvement and expansion of the portal will be a key initiative for the next two years.

There are several reasons for this:

  1. The portal plays a key role in many important areas of the College’s activities.  Grades, Registration, Advising, Student Billing and Alumni Directory are just some examples.
  2. We know that other institutions have more attractive and functional installations of the same portal software (JICS), so our instance of the portal can be made better too.
  3. Because of the fact that we collaborate with the other Claremont Colleges to provide cross-registration for students, moving to a completely different portal is not a simple proposition.
  4. Both Jenzabar, the company that provides the portal software, and AISO, the Pomona College unit that manages the underlying student information system, are committed to making improvements to the system, and we can build upon those.  For instance, Pomona recently informed us that the back end database was handling 60 million transactions per day during the Fall pre-registration period.  They have recently migrated the system from HP Unix to Linux, and are anticipating improvements in response times.

We have already taken the first steps in the portal improvement initiative. We are planning to create a Portal Advisory Group, with the following vision statement:

The portal is a tool which we know HMC has not used to its full capacity. This group will guide CIS and the College in improving and expanding use of the portal.

Registrar Mark Ashley has agreed to chair this group, which will include representation from the many areas that use the portal, as well as faculty and students.  Among the tasks we will ask the group to undertake is to advise on the queuing of CIS projects related to the portal. They currently include:

      • HSA Advising application
      • 40+ Portal improvements suggested by Registrar
      • Electronic Billing
      • OCA requests
      • Student research portlet and forms
      • Single Sign On
      • Adding a staff tab to the portal

John Trafecanty has recently taken over responsibility for the portal, as his duties related to Sakai were much reduced when we moved the Sakai service to Pomona College.  John always bring talent and persistence to programming tasks, so we anticipate great work on the portal.

Watch for more updates on this initiative and do get in touch if you’d like to be involved.

CINE wireless signal is going away

When you are on the HMC campus and look at the wireless signals (SSID) available, you will normally see at least the following:

CINE
Claremont
Claremont-WPA
Claremont-ETC

As I mentioned in the September 2012 Update from the CIO, the Claremont Colleges have agreed to remove the CINE wireless signal from service. There are a number of reasons for this:

* The CINE network is open (anyone can access it).
* The CINE network is unencrypted and therefore insecure (network traffic may be visible to third parties).
* The Library licenses electronic content that requires authentication.
* The Library was subject to some overcrowding due to the “free wireless”.

The Library and some of the other Claremont Colleges have already stopped broadcasting the CINE signal.

What should you do? The next time you need wireless access on campus, you should configure your laptop or other wireless device to connect to Claremont-WPA . This is a one time configuration as most laptops will remember the wireless network and can also be configured to give Claremont-WPA priority over other networks on campus. You will not have to enter your HMC Credentials every time you connect to Claremont-WPA. For details about how to do this visit the following link:

http://www.hmc.edu/about1/administrativeoffices/cis1/faq1.html

We do not yet have a fixed date on which the CINE signal will go away. We need to design a guest access solution that will work for the HMC community and allows access for many types of devices. Our target to get this done is the end of 2012.

If you have questions or need help configuring your laptop or other wi-fi device to connect with Claremont-WPA, please contact the Help Desk on the first floor of the Sprague Learning Center (helpdesk@hmc.edu or 909 607 7777).

Time to change your password!

As we move into Fall semester, some of the authentication systems managed by CIS will be configured to require password resets every 365 days.

This is a step in improving the overall security of HMC systems and bringing us into compliance with our password policy.

To reset your passwords please visit the HMC password and account management portal at:

https://iaas2idm.fischeridentity.com/identity/self-service/HMC/kiosk.jsf
(Nov 2012 edit: we have replaced this link with

https://iam.hmc.edu/identity/self-service/HMC/login.jsf

)
Using this portal, you will set up security questions and set the password for all of the following systems in one go:

Claremont WPA wireless (eg laptops, phones and other devices that connect to Claremont WPA wireless)
Alice and Charlie file servers
Cognos 10 reports
Google Apps for Education
Ultipro

If you have not reset your passwords in over 365 days, you should do so. We will be working with each department to ensure a smooth transition to this new system.  You can change your password any time you like using the password and account management portal.  Once we have worked directly with each department, we will turn on the feature that requires a password change every 365 days.

Thank you for your understanding and your efforts to increase the security of our systems.

Please don’t hesitate to send questions or concerns to us at helpdesk@hmc.edu

How are you using Office365?

A while back, I posted an article about how Prof Eliot Bush is making use of Google Apps for Education.   We recently completed the migration of accounts from mailbox-01 to Microsoft Office365 for Education.  I asked Patricia Wang how she liked it, and to tell me two things that she does with the Office365/Outlook combination.   Here’s what Patricia wrote:

Since I was really comfortable using Zimbra, I was a little apprehensive about migrating to Outlook 2010. I’ve only been using Outlook for a short time, but I’ve discovered a couple of features that I really like already.

One of the features that I find helpful in Outlook 2010 is the built-in task list. I use it to organize my tasks by assigning due dates, setting reminders, and marking tasks as complete when I finish them. It can also be used to delegate tasks to other people and manage task assignments. Tasks can be created from scratch by selecting the New Items > Tasks button on the Home tab. However, my favorite way to create a task is by by dragging an email to the task button on the bottom of the navigation pane. This transfers an existing email message to my task list without me having to create an individual task from scratch. I can also use this drag and drop method if I want to flag a contact record for follow-up.

Another feature that helps me keep organized is the Rules Wizard. Outlook lets me set up instructions, called rules, that determine how it should process messages upon receipt. I can set up rules to automatically move, copy, delete, forward, redirect, or reply to an incoming message. For the messages that are already in my inbox, I love the run-this-rule-now feature. It’s like waving a magic wand to reduce the clutter in my inbox!

I hope to discover other neat features as I explore Outlook 2010!

Thanks to Patricia for sending these comments. If you have other interesting ways that you make use of Google Apps or Office 365, don’t hestitate to share in the comments section below, or send me an email.

How do you use Google Apps?

We’re putting together short articles about the ways that people make use of the new HMC Google Apps for Education service.  I asked Eliot Bush, chair of the Computing Committee, to give me examples of things he does.   Here’s what he wrote:

One thing I do is use appointment slots in google calendar. This is great for setting up meetings with students. When its time for advising meetings and registration, I set up a bunch of appointment slots and have them select them.

I also co-teach quite a bit. We often have to do things like write an exam together. Its so much easier to do this with a google doc which can be edited together. It saves us from having a thousand different versions flying back and forth over email.

If you have found a good use for Google Apps, or know of a Google add on we should activate, please don’t hesitate to get in touch, or leave a comment on this post.