Tuesday, 8 December 2020

Tuesday, 14 April 2020

Latest Zoom Leaks: What it means and how can you be more secure?



500,000 accounts leaked makes for good headlines on sale on the dark web makes for good headlines, so why exactly are they being sold for less than a penny each? 

Firstly as a school, most teachers and students should sign in using their Google ID, so that Zoom does not get your passwords.  These were NOT part of any leak.

Secondly, this does not appear to be as exciting as it first appears, because a lot of the data appears to be meeting IDs or sign-ins rather than the actual sign-ins with usernames AND passwords.  In many cases these USER IDS have been matched to passwords stolen from Google, Microsoft, Facebook et al in previous attacks.

Right now, Zoom is a hot target, because it provides the service everyone wants.  Two pieces of advice to ensure you stay more secure:

1. If you sign up for any online service that's free, be sure to use passwords that you don't use for banks, payments etc. 

2. If you have a choice, use your Google or even Facebook ID, because that's one more layer a hacker has to get through.

Remember that it costs a lot of money to keep a service secure and Zoom has definitely been experiencing growing pains.

Stay safe everyone!

About James Abela

Before becoming a teacher, James Abela used to work as a web-developer and was responsible for the security of several million pounds worth of intellectual property. Also fought against Russian hackers.

Sunday, 5 April 2020

Zoom Video Conferencing Security for the non-technical

Tl;dr Make sure you use passwords, use and read waiting room IDs, give students meeting ID only just before the meeting.

The new focus on Zoom has meant hugely increased scrutiny from incompetent journalists who know nothing about cyber-security and competitors highlighting features that apparently make them more secure! In this article, I take you through the security Zoom has and how to make sure you are comfortable with that security.

There has been a lot of discussion over which is the best conferencing software for classrooms and all of the solutions I have seen have flaws. All of the conferencing software has been developed with corporate meetings in mind.  So for classroom purposes, there are features missing.

Zoom is the most feature rich from a teacher point of view.  It has key features that teachers love:

  • Waiting Room - students are admitted into the room by a teacher. Also prevents unwanted guests
  • Thumbnail video of everyone - Everybody can be seen in Zoom up to 49 people, which is enough for you to see all your class at once.
  • Breakout rooms - You can send students to smaller rooms, so that they can talk with each other.
  • Built in whiteboards - Not unique, but helpful.
However until this crisis Zoom was a small player and so went down a route of user convenience, meaning that you could just send out a link and join a meeting.  With the spotlight on them, this has now changed, by default you need a meeting ID, password and the waiting room is on by default.


Why are all of these features important?

When there were relatively few meetings, 9 numeric digits seemed like plenty, but now there are  200 million meetings every day with zoom. Even with a simple brute force attack you might be able to guess a number to zoom-bomb.   

However the password is a good deal more difficult to guess, so it is essential that this is ON.

Secondly, although a stranger might be able to come into your room by random they are unlikely to have the name of one of your students and so it is important to read every name in the waiting room.

With these three features setup, security from a teacher point of view is good.

The Odds

For the mathematically inclined your odds of guessing are: 
Chances to guess meeting ID: 200,000,000 : 999,999,999
Chances to guess password:    1:9999999999

Once you combine these then the odds of a simple brute force attack are tiny and actually smaller than using a leaked Office 365 account or Google ID to get into a meeting.


Students complicit

In some cases students have been giving away their personal information and meeting codes.  Therefore an additional security measure is to not give meeting IDs out too long before the meeting.  You can still schedule them, but only share with the students shortly before the meeting,  

Note if students misbehave, it is easy to enough to put them back into the waiting room. Be wary of kicking students out completely, because depending on your setting they will not be able to come back to the meeting.

Student Guidelines

Like anything else students need to know the rules that will keep them safe and have a smooth classroom. Here are the guidelines I use to run my lessons smoothly:
  • I assign a monitor every lesson to let me know if my video and presentation is smooth. They stay on audio for the whole time I am presenting
  • In Google Classroom, I ask a question to ensure everyone is active in the class and it helps to make registration smoother (This reduces the time I need to take a registration, because I can see instantly who is not there and ask directly) 
  • Students are told to be fully dressed and in a public space in their house.
  • Students must use their real names.

Teacher Tricks

I use these to help students, but also to reduce frustration because that's the surest way to ensure a student doesn't cooperate: 
  • I still use Google Classroom for students with weaker internet. 
  • I assign one Google Doc for the whole lesson with all the instructions in it, so that students have less screen flicking to do and can follow the flow even if their internet drops out mid-lesson. (Be sure to encourage use of offline docs.) 
  • I use Google Slides with the captions function to help students who are EAL
  • I record the lesson locally and upload to an unlisted youtube area. (In Malaysia, students can use Youtube data with 3G very cheaply).  If there is not an incentive to use YouTube, then use Drive instead.
  • I use a second screen so that I can see the student thumbnails at all times. (One good feature of Zoom is that even on a single screen you can see active students when screen sharing)
It might be obvious, but please don't share your Zoom classrooms on Social media... Notice how there's no picture of zoom in use here!

Alternatives to Zoom

There are quite a few alternatives to Zoom. Internet infrastructure varies and you might find one of these alternatives suitable for you.
  • Google Meet - Fully integrated into Gsuite, but lacks many of the features of Zoom
  • Microsoft Teams - Great for people with Office 365, but teachers who are not used to it have complained that the interface is cumbersome
  • CISCO Web-Ex most secure platform, but video performance is variable
These are more for specific purposes, but useful tools none the less: 
  • Streamyard - This enables up to 6 people on the call and you can broadcast directly for youtube. A good choice for assemblies and other events where you are going to give information to a larger gathering.
  • Flipgrid - A good way to be able to teach asynchronously
  • YouTube - Consider doing your presentations directly on YouTube. Don't forget you can add questions with TED ED Lessons or EdPuzzle


About James Abela

Before becoming a teacher, James Abela used to work as a web-developer and was responsible for the security of several million pounds worth of intellectual property. Also fought against Russian hackers.


Thursday, 5 April 2018

Getting Started With Computing Resources

Primary
For Primary I'd recommend the Barefoot computing resources and either making disposable robots such as what you can make with Raspberry Pi or using robots such as Dash and Dot which you are more robust.  There's plenty of options on the market, so have a look around. I'd make the decision in Vietnam when you know what you are doing.

For primary coding, I'd recommend Scratch as the go to tool if they're on Computers. Otherwise, Hopscotch, Scratch Junior and the new Swift coding for iPads (64 bit only)

Secondary

For Secondary you should do Python for iGCSE and A-level or Java for IB.  I've included a list of resources to help you get started.  I'd also recommend getting a good book for Python and as you are in the UK, I'd recommend checking them out at the library and see which you'd get along with. Java is generally considered more difficult than Python so I'd be careful about introducing it at Key Stage 3. Some have managed it at year 9 with some good frameworks. I've made a versal course that introduces the basics to year 8 for Python. https://versal.com/c/9tw8gy/secret-life-of-algorithms


General Resources

Hodder Key Stage 3
For a complete UK Key Stage 3 curriculum, this series is very useful:
(Interest disclosure: I am one of the authors) 

Barefoot computing (primary)
Great site for students beginning to code

UK Computer Science Curriculum

Dash & Dot Robotics

Apple's resources

Code To Learn
Scratch Based with some good resources

Code.org
Great organisation for beginner coders. I find it a little too on the rails in some parts.

Raspberry Pi Curriculum resources
Great for physical computing, but also a lot of good Python materials

Tynker
A very nicely packaged curriculum

Code Club Projects
Some nice projects here for Python

Please feel free to add other resources in the comments.... I'm sure all will be appreciated!

Sunday, 11 February 2018

Python Challenges Major Update

The Python Challenges site that I run has been through a major overhaul over the last 2 months, including a rewrite of most of the code providing interactivity.

A part of the reason for doing this is that Awesome Table are now charging for anything above 1,000 views per month and the fees are more than I can afford for what is a free site. Its a great tool, but I can't afford to spend on something I give away for free...

So I used this opportunity to update the site and rethink how it works. Initially I wanted to replace Awesome Table with some custom written javascript. (You can see this on the AS page) but I soon realised that this was a good opportunity to hand curate the important challenges and make them more engaging.  So both the iGCSE and A2 pages have been written by hand to give them a more individual flavour.

To make my life simpler, I now simply publish the master list of challenges directly from Google Sheets, it may not be quite as nice, but its quick, simple and Google aren't likely to charge me for the service in the near future.

Despite these challenges, the Website now feels more mature with hand curated challenges that really engage students and the A2 pages in particular have benefited from some new challenges created by my students.  I was very pleased to see the work that Jonathan and Sam have done on Prolog and Object Oriented challenges.

I hope you enjoy the new version of the site and please contribute by making comments below and sharing your thoughts!

The link is: http://pythonchallenges.weebly.com/

Friday, 17 November 2017

Google Docs for Code... Github's got it going...

Great news, the Atom code designer now looks like it will have real time collaboration. This is great in the classroom where students can begin to code together in school and at home.  Even more useful for students to help each other debug....



It takes a little more effort to install than Google Docs, but it looks well worth a try.  As a bonus, it is a great editor and I use it all the time for LUA. I may now also consider doing some Python with it too....


Find all the details at: https://blog.atom.io/2017/11/15/code-together-in-real-time-with-teletype-for-atom.html 

Saturday, 21 October 2017

Making GForms Quizzes less sensitive

Over the summer Google enabled short answers on their quiz functions. This is wonderful news. However as with all standardised forms, spelling matters and capitalisation matters!  However there are some ways to make things a little easier for students or at least give them a sense of fairplay.


In this example we want a name, so we insist that it contains at least one capital letter [A-Z] 

We could also insist that the characters are all lower case using matches and [a-z ]+
Note the space is really important if you want to have more than 1 word. 



Perhaps you are concerned about people using dogs rather than dog. In many cases both might be correct. Well you can sort that quickly using a maximum length.


You can also use numbers and this can be a great way to not only test maths questions, but also to give a large range of options with a multiple choice diagram,


For example you can easily ask test questions about this heart with a few simple short answer questions rather than do a dropdown from 1-8 or multiple choice.


If you'd like to do more complex regex expresions there's a great site to help you: https://regexr.com/ Please note that there are dialects, so not all regex you find on the internet will work with Google forms.