upvote

points

by sharkweek12 hours ago |
comments
upvoteby gdhkgdhkvff11 hours ago|
next
[-]
It’s wild to me that people in this comment section are suggesting that schools should improve their security by rolling their own platform, which is bound to be filled with security holes, instead of using a popular, maintained, open source option.
reply
upvoteby nazgul1710 hours ago|
parent|
next
[-]
To be fair to the idea, though, while this would make individual instances less secure, it would drastically decrease the leverage for the work bad actors put in.

There is a saying in the software security industry that (I'm paraphrasing from rusty memories) a system is secure if the cost of hacking it is higher than the value it protects.

Each system being completely distinct from another means that the cost of hacking the average student goes up by 9000 (from the article, Canvas is used by 9000 schools).

Still not saying that rolling out your own is the preferred solution, but the idea is not as ludicrous as it would seem, and should definitely be entertained and discussed, at least.

reply
upvoteby forgetfreeman10 hours ago|
parent|
prev|
[-]
Maybe. I still remember the Drupal community sneering at the New York Times when they unveiled their homegrown online news platform bitd. After 15 years of recursively scraping ad-hoc porn sites off of server hard drives when clients dragged their feet on migrating to latest versions I 'm less certain the assumption that homegrown == less secure is as valid as it sounds.
reply
upvoteby shnock5 hours ago|
parent|
[-]
Could you explain the last sentence a bit more? I don’t follow
reply
upvoteby forgetfreeman4 minutes ago|
parent|
[-]
Back before the Laravel folks utterly misguided but weirdly popular attempts at turning PHP into JavaScript gutted the Drupal community (your boos mean nothing, I've seen what makes you cheer) one of the most common outcomes of a site getting hacked was malware-infested porn sites would be uploaded to the site server. This failure mode wasn't particular to Drupal, it's just what happened when websites got hacked. This was the same period of time when the Drupal project was reporting ~16M active installs, had literally thousands of developers volunteering code to the core development project, a dedicated security team, and an automated test suite that ran around the clock.
reply
upvoteby asdff11 hours ago|
prev|
next
[-]
Universities used to do this sort of stuff themselves. Then it became a business handled by purchasing rather than needs met by the department themselves.
reply
upvoteby afavour11 hours ago|
parent|
next
[-]
In fairness in the era where universities did it themselves the tech requirements and expectations were dramatically lower.
reply
upvoteby asdff11 hours ago|
parent|
next
[-]
Tech requirements are the same as they always were. One needs to ask whether they need so many frameworks to host some files on the internet and submit some files and perform spreadsheet calculations. We still used one of those First Age 1990s websites for sort of pre lab quizzes this one class when I was going through it, and it might have looked a little "old" but I mean it did the thing and worked for years and will continue to do the thing and work for years.
reply
upvoteby internetter10 hours ago|
parent|
[-]
You're being deliberately obtuse. Canvas has many many features. Wikis and discussion boards and quizzes (with some anticheat) and groups and the list goes on and on. Furthermore, while it was never the flashiest thing, it did it better than many of its predecessors. Yes, an individual class may not use all of these features, and yes canvas has suffered feature creep even over my time as a student and yes canvas is not doing anything technically challenging, but there is enough of it that each school rolling their own everything would be a drastic waste of everybody's time and money.
reply
upvoteby clipsy11 hours ago|
parent|
prev|
[-]
Have these dramatically higher tech requirements and expectations improved the quality of education whatsoever?
reply
upvoteby avs73311 hours ago|
parent|
prev|
[-]
Because faculty didn’t want to do it anymore. They want it handled by others but also they want oversight and veto power but also they don’t want to be bothered. But it better always work, and if they make a mistake the software is broken because don’t tell them it’s a user error they used to write Fortran.

As a faculty member at a large university…I have a deep respect for the impossible job of university IT departments.

We originally rolled our on LMS decades ago. When we switched to canvas we kept the home brew running for five years past its expiration date because faculty refused to remove their files. Finally each one was manually moved by IT for the recalcitrant old faculty.

reply
upvoteby asdff11 hours ago|
parent|
[-]
It is kind of funny when these LMS tools with 100+ functions are being used for little more than what email, a grades spreadsheet, and maybe a shared drive would do. University might even ask for the final grades in spreadsheet format by the end of the term anyhow, so data goes into the LMS just to come back out again.
reply
upvoteby avs73310 hours ago|
parent|
[-]
In a sense you aren’t wrong but those analogies fail at scale. It’s like saying you could replace all hr functions with a spreadsheet.

They are large databases yes but they do a lot of small and large things that that analogy glosses over

reply
upvoteby jagged-chisel12 hours ago|
prev|
next
[-]
> Ain’t nobody hacking a blue book.

Well not with that attitude

reply
upvoteby walrus0110 hours ago|
prev|
next
[-]
A university doesn't need to bake its own learning portal, Moodle exists and is used by a lot of large schools.
reply
upvoteby ibgeek11 hours ago|
prev|
next
[-]
Moodle is an open-source LMS that can be self-hosted.

https://moodle.org/

reply
upvoteby hoppyhoppy211 hours ago|
parent|
[-]
Another open-source LMS that can be self-hosted is... Canvas.
reply
upvoteby wmoxam10 hours ago|
parent|
next
[-]
Almost no one does
reply
upvoteby ibgeek11 hours ago|
parent|
prev|
[-]
Didn't realize that. Thanks for the info!
reply
upvoteby userbinator11 hours ago|
prev|
[-]
I totally understand why a university wouldn’t want to bake their own learning portals

They used to, in the pre-cloud/SaaS era; and they were much simpler and better UX than the slop that they're renting today, because the actual users were not far from the developers.

reply
upvoteby oezi9 hours ago|
parent|
[-]
Counterpoint: I was a PhD student in 2004 and on the universities board* which oversaw the roll-out of the campus management system. It cost > 10m EUR to implement a shitty system with the worst UX and years of stabilizing to make it somewhat work.

The amount of corner cases and performance requirements during rush times (semester start) made it really infeasible for a university to roll their own.

* German universities have this funny system where 51% of such boards are controlled by the professors and the rest is made up of other employees/staff and students. They call it academic participation.

reply