9 July 2014 § Leave a Comment
I once worried about the importance of student evaluations of my teaching for my job prospects in academia. How could students evaluate the effectivness of their instructors? Isn’t it the instructor who evaluates the effectiveness of his or her teaching, at least in part, by the performance of students on graded work? At present, everyone takes a nuanced view. The evaluations are at best a measure of a student’s satisfaction with the course, which is distinguished from teaching effectiveness. Unfortunately, we have escaped the frying pan only to land in the fire. The student evaluations by themselves no longer pose a direct threat to the integrity of college pedagogy—but the institution as a whole appears to be trading its integrity away by adopting the student evaluation as a model for describing success. Towards understanding the state of the institution of college at present, I share a few observations from personal experience.
- Colleges are under threat in several quarters. The already absurd cost of college is increasing. Students and their parents view college as probably necessary for securing a white-collar job, but would gladly avoid it altogether if there were an alternative that offered better dollar return on investment.
- There is a specter haunting higher education—the specter of the Internet. No one can quite see how it will happen, but everyone feels anxiety and excitement about the prospect of free online courses that can be substituted for college credit, or, what is worse from the college’s point of view, certification obviating college courses altogether. That these concerns are so strong reflects essential aspects of the environment. College is understood primarily as a means to economic security and advancement.
- “Online course” has slipped into our vocabulary, although there are few courses online. Mostly, there are materials for courses, such as lecture notes, taped presentations by an instructor, problem sets, essay questions, and course texts. A college course, unless “course” is simply to be redefined, requires a group of students who interact, whether in person or online, and an instructor, who is a leader and facilitator. The success of a course depends on more than acquisition of information or skills. A class is a social entity. Success requires direct engagement with others taking the class at the same time. The “content” for these “courses” is in general created by college faculty, although college faculty are not needed to “teach” them.
- Because there are so many colleges, and because so many of them can barely be distinguished from any of the others, colleges compete intensely for the limited pool of students. Tuition funds the college. There is no way of demonstrating that a college provides better pedagogy than others, so this has largely ceased to figure into relative assessment of one college over another. Faculty are encouraged to attend conferences about pedagogy and publish articles in journals about teaching in their discipline as a way of creating evidence that teaching is valued at the college.
- As a result of the intense competition, colleges have invested in the students’ quality of life and experience. This does not include pedagogy. Improvements such as new dorms, athletic facilities, better cafeteria food, and new technology are more easily recognized by potential students and their parents. Successful athletic teams, and their mascots, also differentiate colleges from one another.
- There is significant investment in advertising (“branding”) and Internet presence. Slogans, mottoes, and the college’s emblem are refined and widely distributed. The college’s image is the subject of retreats, town hall meetings, and committees, guided by a professional public relations firm. The college’s image need not be tied to its history or previous mission; indeed, any such connections are a part of the college’s image itself. If it is not seen as essential to the attracting students, a college will not promote its culture of teaching and faculty-student relationships.
- Student success is measured in part by how many of its students win academic awards or publish and present research or creative works. The success of faculty is judged by how many of their students succeed by these measures. Events such as an undergraduate research day are created so that students are guaranteed a venue for presenting their work.
- Much like in primary and secondary schools, new regimes of quantitative assessment are being put in place. “Learning goals” are articulated, and students are rated by how well they have met the standards. This is so that academic departments and deans can claim that the students are being taught effectively. Courses are designed for the purpose of satisfying the learning goals and meeting the standards for success. The goals and standards are created internally and are not subject to external review. None of the measures are validated as legitimate measures of student abilities; data are not audited for quality; and data sets are not evaluated by statistical measures of robustness, significance, or reliability.
- Because pedagogy is effectively invisible, there is no incentive to invest in pedagogically useful resources for faculty and students. Class sizes are as large as possible so that enrollment can be maximized. There is no reason to promote faculty members’ careers as teachers or scholars. Adjuncts teach courses when the number of course sections is too large to be covered by full-time faculty. Teaching loads are heavy.
11 April 2014 § Leave a Comment
If Mavericks’s implementation of Filevault 2 has any use, I can’t see it. Before I had installed Mavericks, I had used FileVault 2 to encrypt my laptp’s hard drive, and I recently decided to start using it again. I chose a suitably long and obscure password that I could easily remember and enter and pushed “encrypt.” Great, right? Feeling a little safer, I happily coded away (with a good bit of web surfing, to be sure).
Leaving the back doors unlocked, on purpose
On the next restart, the password entry screen for FileVault 2 didn’t appear. Formerly, a blue-grey screen would appear with a text entry field, which could only be bypassed with the FileVault 2 password. I checked everywhere I could think of for an option to require the Filevault 2 password on boot. I’ll save everyone the trouble of looking. Mavericks prevents this. I haven’t been able to find a way to change this behavior. This renders FileVault 2 of little use. There are well-known ways of resetting or by bypassing passwords for administrator users; since Mavericks allows administrators to bypass the FileVault 2 password field, this means that it provides no real protection. I can’t think of a scenario in which FileVault 2 can provide any meaningful protection for any disk that can be booted. I haven’t experimented yet with a disk used purely for data storage. Based on my recollection of the old FileVault 2, I would expect that the disk wouldn’t mount without the FileVault 2 password. I am pretty sure even a root user cannot mount a FileVault-2-encrypted disk without the password.
Defeating the exploits
There is a way to defeat one of the exploits that allows bypassing the login screen. Booting in single user mode gives immediate access to terminal prompt—as root. I can’t think of a more foolish idea. This is unfathomable. Clearly this open back door is intended as a mechanism for IT support, the Genius Bar, for instance, to perform heroic recovery efforts in case a user has forgotten his or her passowrd or damaged the OS so that it can’t get past even the earliest stages of the boot procedure. To defeat this, the boot procedure can be configured to require a password for root access. This isn’t especially difficult, or, if done conscientiously, risky.
Defeating the other exploit, which uses Apple utilities to reset administrator users’ passwords or bypass them entirely, requires extreme measures: so far as I can tell, it requires that a hardware-level PRAM password be set. Mistakes setting the hardware-level password can be fatal, requiring the machine to be sent back to Apple. Forgetting the password will have similar consequences.
If you want to scare yourself silly, you can read about these exploits, which are well-documented.
Conclusions about FileVault 2
I conclude that FileVault 2 encryption only makes sense for a boot disk in Mavericks if the PRAM password is set and the boot process is configured so that root access requires a password. The root-access password is needed in case someone who knows the PRAM password attempts to start the machine in single-user mode.
How good is it?
If these measures are taken, what level of security is acheived? The disk will be safe from people like students who want to access their grades on a professor’s laptop; thieves who lift the mac and want to access personal data before selling the machine; or someone who finds a misplaced laptop with patient data or other confidential documents.
from the moment the first quantum computer is turned on, all messages previously encoded with RSA will be readable. Any secrets that need to remain so after that moment, whether it comes in 10 years or next week, should not trust RSA now.
This permits access for university researchers, well-funded intelligence services such as everyone’s favorite, the NSA, and major multinational corporations. Quantum computing is expensive and requires rare expertise! If the US government wanted access to a machine protected in the manner I am suggesting, it would be simpler than using a quantum computer to compel Apple to access the PRAM password. I doubt that this is illegal under laws like the USA Patriot Act. No doubt the user him- or herself would be interrogated—low tech and probably effective!
The picture is a little rosier if the would-be snoops do not have access to quantum computing. Even top-grade decryption algorithms running on a cluster would probably still take a days or weeks to crack a good password. If the disk is removed and accessed on a machine booted from a different disk, if FileVault 2 behaves as it did in its pre-Mavericks state , the Filevault 2 password is needed.
What’s the use of a password anyhow?
The reason to use a password is to restrict access to the email account, system user, confidential information, etc. Making it available to people that can’t be trusted defeats this purpose entirely. Almost every password-accessible user account online has a “forgot password” utility which provides the user and the user alone with the ability to reset his or her password. Even the system administrator is not permitted access.
Don’t forget the password. Write it down and put it in a safety deposit box. Make it memorable. Don’t share it. Otherwise, don’t bother using one in the first place. And by all means, and now I am talking to you, Apple, don’t make an OS that renders passwords useless!
2 February 2014 § Leave a Comment
The proliferation of project-oriented work groups in the corporate and non-profit world stands in contrast to the organization of colleges and universities into academic departments. Good project management establishes clear channels for communication and coordination among members of the group. The project management plan takes into account the needs of all stakeholders, including users of any products resulting from the group’s work. Groups are composed of individuals whose skills complement one another’s. They are expected to take initiative and solve problems as they arise. The group uses digital tools to facilitate communication and share resources. The nature of a project is to have a definite endpoint. Along the way, benchmarks, preferably quantitative and open to the view of all stakeholders, measure whether the project is on track. The project plan includes plans for what to do when things get off track. The project manager is accountable for the group’s progress. Others outside the group are accountable for supporting the project. Reality is rarely so neat, but these anyhow are some of the ways project-oriented work is supposed to be carried out.
The academic department is a permanent organizational unit with objectives which remain stable for its lifetime, and recur on a regular basis. As anyone who has had to work out a scheduling conflict with a department chair, an academic department is designed with an indefinite time line in mind: there are no provisions whatever for adapting to the needs of students or faculty.
An academic department can function indefinitely with no leadership whatever. Students enroll in classes each semester. The chair must make sure there are enough sections, but no effort is required to recruit students. Classes are scheduled and apportioned to faculty. The deans require reports of various kinds. Standards, such as learning objectives and the mission statement, are established by the department itself, which collects data used to evaluate its performance. The chair must make sure the department stays under budget, but the budget is an artificial construct used to apportion resources to the department, which cannot run out of money. No collaboration is required. Input from faculty concerning major decisions can be obtained by email. There is no need for faculty to share syllabi or discuss pedagogy. There is no special requirement that faculty in the same department co-author books or papers. The department can function adequately even if faculty see each other only a few times each year. Senior faculty are at liberty to ignore junior faculty. There is an ample supply of new ones, should new hires leave the department for greener pastures or else fail to be granted tenure.
Nothing follows from any of this about whether academic departments should be transformed into project-oriented work groups or made to adopt practices in such work groups. For instance, it is probably nearly impossible to quantify teaching successes or good mentoring. Requirements of intellectual freedom are incompatible with direct oversight by administrators or faculty in other departments.
Academic departments should, nonetheless, be held to high standards of excellence. More in later postings about that.