Post Conference Spam

Sadly information technology conferences give our email addresses and phone numbers to the vendors who attended. That results in me getting an uptick of spam especially in the weeks after it. It is easy to tell the spam from the conference because the vendors mention the name of the conference. All the conferences do it. It is just one of those things from going to them.

One recent gem: “Sorry we missed you.” Actually, I intentionally did not visit the vendor area. I have no budget authority,  so I am pretty much wasting their time. Last year I did with an old boss and ironically used my familiarity with Desire2Learn to get him a moose doll for his son. (He’d already gotten one for his daughters but felt bad about getting a third. Family stability is more important than some extra spam.)

Technically spam is “unsolicited usually commercial e-mail sent to a large number of addresses.” This is commercial email. The number of addresses is modest so not large. But, I think where it gets interesting is whether or not it is solicited. One could make the argument that the conferences solicit the email addresses of attendees as an enticement for the vendors to attend. The quality of the vendors entices attendees. (I’m pretty sure people who care enough at all are a small proportion.)

It is tempting to ask the conference if it is possible to have the vendors mark categories of products they sell and attendees to mark what categories they are interested in hearing. Unfortunately, I would expect 93% of attendees to mark nothing as their interests to avoid getting spammed. Maybe a mitigation is say if you mark nothing, then we send you everything. (So pick your poison.)

 

TED Talk: End Bad Meetings

David Grady shows a clip, but here is the whole thing. It feels quite familiar.

His TED Talk:

2015-04-11 15.51.22 Personally, I hated status meetings for one project but liked them for another. The bad one was purely about going over the project plan every week and 40% of the time was spent telling the project manager what to type in order for the director to understand the item. The good one we talked about what everyone was doing and spawned side discussions about dealing with where people were stuck.

Certain people I know respect everyone’s time, so I’ll blindly accept everything they throw at me. Anything my boss sent me to I’d just go. While I may not know why, my time was never wasted.

The worst? A certain vendor in investigating issues affecting thousands of users in production, would schedule a time for us to meet about their findings. The content of the meeting would be, “We have not found anything yet, but this is still our top priority. Can we meet again at <new time>?” Yeah, this is a waste of everyone’s time. Just send an email a quarter hour ahead of time explaining you need more time and pick a new one. This is so important people will MAKE time to be there.

For years, I have tried to make sure I include the why of a meeting in the invite. And if my “bad meeting” radar goes off, then I will inquire about the why for it.

Wrap Up #USGRockEagle13

Now that I am back at work… And apparently was photographed and did not know it…

WordPress.com’s Jetpack publish feature pushed my prior Rock Eagle related posts about sessions I attended to some of my social media presences. Guess I could +1 them for Google Plus? Looks like the last time I blogged as much about Rock Eagle was 2007? Sad.

Also, I gave out only three business cards and received three new Twitter followers. @TBrow01 and @TylerWatts and @technicalissues There was some good activity on the #USGRockEagle13 Twitter hashtag.

What I like most about Rock Eagle is the conversations that happen outside the formal sessions. Friends and even bosses from my last job come, so we get to catch up. Even total strangers end up talking to me about things.

  • Last night a student worker who graduates in December. Hiring him full time fell through, but they will hold on to him as casual labor through February. As other staff left, he picked up some of their responsibilities to the point of having too much that can be completed by March.
  • A web developer who appreciated the conference for providing the big picture of how he fits into the 40,000 employee cog that is our university system.
  • A developer who moved to a school in the Technical College System of Georgia working on implementing a learning object repository with potential to be a system wide implementation.
  • Informal conversations with people who work in the same building. Guess people rushing off to the next meeting or sitting quietly in their cubes never really talk.

Plenty more happened.

Guess I will post the video of the fireworks later. It has been at 6 minutes remaining the last hour.

Institution Analytics #USGRockEagle13

Janice Hill, Columbus State University

  • Process:
    • Define KPI’s : grades,  starting degree, ending degree, and many more.
    • Design and Implement : ODI integrator
      • Subject area example : summation helps reports only pull one row per student.
      • Updating : degrees awarded only loaded at end of term.
    • Validation of data : Work with Institutional Research to figure out where wrong. Consulting with individuals who think data did not look right.
    • Production release : Start a new cycle.
  • Data elements:
    • Banner, PeopleSoft, Excel spreadsheets
    • student head count, student attempted credit hours, and about 30 others.
  • Dashboards : 8 in production, 2 in completed validation, 2 subject areas ready to be built. Changes to a dashboard not saved across sessions, so users need to export to a file.
  • Structure of Dashboard : Level prompts : College, department, program, major, term. Analysis. Footnotes.
  • Users with access : President, VP, Deans, Dept heads.
  • Export types : PDF, Excel, Web,
  • Errors: BI data loaded at 6am, so local data pulled at 9am WILL result in very small differences.
  • Progression dashboard : credit hours by term, avg GPA by class, avg GPA vs credit hours earned, demographic breakdowns, grades by academic level, grades by section
  • Retention and Graduation dashboard : after 1 year, after 6 years. Use both counts and percentages.
  • Talk with faculty about their data needs so can show it exists or build it into a report.
  • Individualized training. Understanding how to filter is a challenging concept.
  • User tracking enabled, so know how long they stay on a dashboard, filters used, the SQL used.
  • Try to use as little filters as possible. Her job to get the data. User’s job is to interpret.
  • Decisions and policy affected by this data.
  • Trying to get grade data to improve early warning.
  • What are the products for which they want analytics?
  • Using University System of Georgia requirements for retention, so pegged to Fall enrollment. “Some times you have to go past what makes sense to you and implement the rule.”

Excellent session!

Extend LMS With LTI Tools #USGRockEagle13

David Robinson, Georgia Gwinnett College

  • Mash up nifty tools with an Learning Management System.
  • It is a standard, so a defined protocol achieves application portability. The tool can work with any LMS the same.
  • Terms:
    • Tool Provider : the tool with its packaging.
    • Tool Consumer : the system using the tool, like D2L.
    • Context : the course or another other location with the consumer like the Org in D2L. IMS contexts need to be mapped to D2L contexts.
    • Link : is a link.
    • Roles : various systems call roles different things. The IMS roles need to be mapped to the D2L roles.
  • LTI Secret Sauce :
    • Tool admin provides link, key, and secret
    • D2L admin creates the External Learning Tool which includes the link, key, and secret.
    • Instructor adds the quick link to the tool for the course.
  • User clicks the link. Information sent to the tool provider such as user, context, role, key, and signature. User launched into the remote tool. A Single-Sign On, aka no login again.
  • Macmillan wants the admin to setup a link for every course. Impossible to sustain. McGraw-Hill one link and instructors setups the course by selecting a book.
  • Select where it will be deployed such as every Course Offering under a Course Template.
  • Open in New Window tends to work better than inside an iFrame.
  • Instructor role by default can create LTIs, even duplicates.

Integrating D2L-Drupal Via LTI #USGRockEagle13

Tom Boyle, Kennesaw State University

  • Half Drupal and half Desire2Learn interest.
  • Request to determine how to decrease time it takes for an online student to go from application to orientation to advisement to registration.
  • Orientation took place in Desire2Learn.
  • Script looks for applicants in Banner and creates the user in Bulk User Management. Registrar enrolls them in the course.
  • Student takes the quiz.
  • Learning Tools Interoperability (LTI) is a way to integrate systems parallel to an LMS without the need for separate custom integrations. Custom output module  uses D2L external learning tools and LTI.
  • Drupal link is not world readable and users do not have to login. D2L configuration familiar. Open source allowed to write custom code to output to Banner. Sometimes the user does not click the button within Drupal so nothing gets captured. Maybe they should automatically click the button for them?
  • YAY!! Tom is using his test instance of D2L to demo instead of production. Love it when our clients use our services right.
  • URLs are not usable unless sent over by Desire2Learn ELT. Yay, for security.
  • Added LTI Tool Provider and OAuth-PHP libraries to Drupal.
  • Got to explain to Tom what some of the values he sees in the session variables.

Discussion:

  • Alternative method:
    • Intelligent agent emails an address to inform them the orientation is complete.
  • KSU going to use similar method for putting staff into course(s) for Ethics test. Really anything where Tom needs to get new users into D2L fast.

BOF Windows Powershell #USGRockEagle13

Bird of a Feather so open discussion. Intro question:

  • How are you using it?
  • How do you like it?
  • Good sources of documentation? Information?
  • Tools/Modules used? e.g. editors, PowerTab module, ISE ScriptingGuy, Codeplex, etc/
  • Using Powershell: User-written functions, cmdlets, modules
  • Version 3? Version 4?

Discussion:

  • Passing around various books.
  • Manning occasionally has half off deals on ebooks. (True. Got my Powershell 2 book on such a deal.)
  • Listserv: ga-powershell at www.listserv.uga.edu.
  • Scripting works great for managing large number of virtual machines.

D2L Faculty Readiness #USGRockEagle13

Dee McKinney and Kathy Whitaker, East Georgia College

    • 3k students, access inst, grant associates degrees,
    • Many students first generation in family.
    • Part of first Georgia implementation group so started Fall 2012.
    • VP Academic Affairs asked all faculty to 1) upload a syllabus, 2) keep the grade book updated. So students can tell where they are in the course. At least an update every other week.
    • Purpose of study:
    • What training effective? Did it work/
    • 12 * 3 hour training sessions in May-July. 4 * 2 hour ‘quick start’ sessions in August. Covered basic tools: syllabus, grade book, discussions, dropbox, import content, email, quizzes, class lists, etc.
    • As time allowed: widgets, nav bars, news, pagers, custom profile, elementary design. Experiment.
    • 122 faculty. 33% attended training. 65% of those full time faculty. 2 dedicated trainers. Some trainees given stipend to be in the field mentors.
      • Online experts: substantial online experience. Mix of full and part time. 27 total. By choice came to earliest sessions.
      • Curious Optimists: some online experience. Mix of 2 to longer. 1 to quick.
      • Reluctant Participants: Little to no online teaching experience. All full time faculty. 7 total. A few admitted only there because required. Did not attend group training. Made appointments for individual.
    • Additional training: extensive list of docs, found apps, etc.
    • Survey before and after plus 5 weeks after start of Fall 2012. Emails approx 400 from help. Informal reviews.
    • Results: 3 hours was enough but not too much b/c workshop oriented not lecture. Essential for time to play with advisers to help. Instructors worked on own content not sample course. 1:8 trainer to trainee ratio. Participants collaborated. IT person on hand for passwords.
    • Multiple methods of training.
    • Mentors on hand regularly.
    • Perception of readiness: anxious prior. Confident after. Requests for advanced training.
    • Group one more competent. Reluctant willing try more positive.
    • Allow as much lead time as possible.
    • Accept some faculty will never buy into online teaching.
    • Suggestion faculty get a course release for first time teaching as so much work to start.
    • Was training or new LMS that made faculty happier.
    • Fall 2013: 2 hour training. Quick start guide. Start set0up while trainer in the room. Focused workshops for followup training on grade books, quizzes, widgets, intelligent agents (spring).
    • Met with professional advisers to focus on needs of online students.

Security Inside Out #USGRockEagle13

Eddie Carter and Orrin Char, Oracle

    • Identity management and security and access management.
    • Eddie wore a UGA shirt. Guy in front of me made fun of him obviously not wanting to sell to Georgia Tech. Turns out he’s from  Kennesaw. The GT-UGA rivalry knows no bounds. Love it!
    • Handout: Database firewall more auditing and ACLs than enterprise firewalls access to many hosts.
    • 67% records breached from servers. 76% breached through weak or stolen credentials. Discovered by an external party. 97% preventable with basic controls. Source: 2013 Data Breach Investigations Report.
    • Pre-1997: security issues mistakes. 1998-2007: Privilege abuse. Curiosity. Leakage. 2008-2009: Malicious. Social engineering. Sophisticated attacks. Business data theft. Loss of reputation.
    • Can be fined. Buy services for people affected by the breach.
    • DBAs are the targets. Phishing to get credentials.
    • Change is where gaps are opened. Being more available means more highly privileged users. Consultants and vendors claim they need DBA level access.
    • 80% of IT security programs do not address db security. They address outside computers such as with firewalls. More and more attacks exploit legitimate access applications and user credentials.
    • Supports SQL Server and MySQL.
    • Preventative
      • encryption : If data stolen in encrypted form, then do not have report the breach? Application should not even know it is encrypted. Network encryption now free to us. Autonegotiates with destination. No application changes. Little overhead. Integrated with Oracle technologies. Key management 2 layers. Master in hardware module or in a wallet. Wallet can be tied to hardware and accessed at restart. Data encrypted with table or column key. Table and column keys encrypted with master key.
      • redaction : Use ACLs to determine who can see. It will replace text such as on credit card numbers, SSNs, so can only see a full, partial, fixed.
      • data masking for nonproduction use : copy of production data in test with test being less secure. Masking means no longer valuable data. Finds sensitive columns through templates and convert the data so meaningless. Shuffle salaries. ID numbers randomized even partial. Randomize all but first two characters of last name. Can be two way so change for sending to a partner for process but then revert back when returned.
      • privileged user controls : Compartmentalization of commands. Prevent consultants from querying certain tables. Creates protective zones around schema objects.
    • Detective
      • activity monitoring :
      • database firewall : sits on the network. Parses SQL to determine the intent. Whitelist and Blacklist and exception list. If none, then alerts security to it and potentially added to a list. Have a learning and blocking mode. Can return empty result list to a hacker so thinks there are no records.
      • auditing and reporting : analyze audit-event data. Central audit repository so hacker unaware. Default and custom reports.
      • conditional auditing framework : if-this-then-that
    • Administrative
      • privilege analysis : privilege capture mode. report on what actual privileges and roles that are used. Revoke unnecessary.
      • sensitive data discovery : scan Oracle for sensitive fields. data definitions.
      • configuration management : discover and classify databases. scan for secure config.

Minimal Downtime #USGRockEagle13

Marc Pare, Oracle

    • Why work on weekends or late at night? (For us because of director policy because accidents during the day changes untenable with clients. But this is targeted to Banner to not GeorgiaVIEW.)
    • Weblogic High Available Topology (Maximum Available Architecture)
      • Client > Apache Server or OHS > WLS Cluster (> Admin Server) > RAC Cluster (> Oracle DB)
      • Why is this not being used?
    • Impressed someone from Oracle is so in touch with problems of Banner on Oracle and solutions.
    • Use Oracle Enterprise Manager to monitor middle tier. Uses mBeans and exposes most items except for some provisioning.
    • Cloning. Template builder. Add new nodes or setup test instances.
    • Rolling upgrades: Bring down first, patch, bring back up; find second, bring down, patch, bring back up. If it encounters a problem, then it rolls back the patch and brings it back up.
    • When experimenting, bring back up with end user access blocked, test and verify. Only when happy, enable end user access. We should consider giving campus administrators access to our direct nodes for testing so they can verify before release. Or even better really knock out the automated testing.