Monday, February 23, 2009

Blackboard Security, UMBC

A couple items that instructors using Blackboard at UMBC should be aware of: First, at the beginning of most sessions when one is preparing to post new content, a requester pops up asking for permission to run a Java application. The correct answer is, emphatically, no. Everything works fine if you deny that application permission to run, so there's no need to grant it complete and total access to your PC (or to your account on the PC which, for most Windows users, is the same as the PC itself). Second, OIT often refers to Blackboard as a secure place to post grades. In some respects this is true. However, be aware that the grades are transfered in the clear, so anyone eavesdropping can see all the grades of everyone in your class. On campus this is probably a minimal problem for wired users. It's a switched Ethernet, and hard to eavesdrop on. The campus wireless is not encrypted however, so accessing a Blackboard grade book using 802.11 on campus is not secure. By the same token, accessing a blackboard grade book from off campus is not secure.

Sleep

I'm clearly not getting enough sleep if two consecutive posts contain as much overlap as the last two without me noticing until after the fact. As Vonnegut might've said, so it goes.

Improving the Usability of myUMBC

myUMBC has become, in the words of one of our students, very media heavy. Even with a broadband connection, it takes a long time for things to load, presumably due to load on the servers and perhaps scripting locally. One of the annoying things is a rotating banner of supposed news items. I've chosen not to do anything about that yet. Two things I have disabled, however, using Firefox add-on Karma Blocker, are: The chipmunk animation that loads whenever a page is not found. This is doubly bad, since it's not only many useless bytes transferred, but it also makes noise. This is triply bad, because the 404 not found chipmunk normally occurs after clicking a bad link in myUMBC. Karma Blocker rule:
# Block myUMBC 404 not found chipmunk
[group]
score=10
rule=$url$='dramatic_chipmunk.flv'
For those who want to see the animation, the full URL is https://my.umbc.edu/shared/images/player/player.swf?vidLoc=/errors/images/dramatic_chipmunk.flv The second thing is the MyUMBC alert "feature." There is good reason to have such features, but when it's used to tell people not to respond to phishing attacks and to tell people after the fact that the University opened late that morning, it's not clear it's useful. But it also takes several clicks to dismiss the alert, and until dismissed there's this huge honking red thing in a prominent position on the screen. The solution is to get rid of the red thing. The alert is presented as a white number on a red background. Get rid of the background, and it bcomes a white number on a white background. Much better. Karma Blocker rule:
# Block UMBC Alerts
#[group]
#score=10
#rule=$url=='https://my.umbc.edu/modules/dashboard/images/alert_bubble.png'

Monday, February 2, 2009

Disabling Alerts in myUMBC

UMBC's OIT has added an Alerts feature to myUMBC, the system everyone uses for everything at UMBC. Being close to people who were in Norris Hall during the Virginia Tech shootings, I understand the motivation and think that, on the face of things, the alerts are a good idea. However, they're being used for mundane matters--Wednesday around 11am I saw the alert that said campus was closed that morning until 10--and very cumbersome to dismiss. You have to click on the alert notification, click on the specific alert, and then click on something indicating that you've seen the alert. They really want to know we've seen every alert. Unfortunately, myUMBC is very media heavy, and, even from on campus, very slow. So each click takes several seconds. So I looked on myUMBC for an option to disable alerts, or some way to dismiss them more quickly. No luck. NoScript (my favorite Firefox add-on) didn't help, since the alerts aren't implemented as a specific script. So I went hunting. The hunt led to Karma Blocker 0.3.2. Essentially I tell this nifty little Firefox add-on that the myUMBC alert has bad karma, and so it keeps the alert from loading. What it really does is get rid of the red alert background, which means my count of alerts awaiting is a white number on a white background. The rule I use is: # Block UMBC Alerts [group] score=10 rule=$url=='https://my.umbc.edu/modules/dashboard/images/alert_bubble.png' OIT could easily break this by renaming or moving the image file. I'm hoping they don't. If they do, I can make the rule more general.