One more leading nowhere, just for show

Something that exercises student teachers and old hands alike is multiple definitions of “things educational.” Similar-sounding terms are used to describe things that are, to different people, different.

An example of this came in an email from a PGDE student who, having witnessed a group of experienced educators (a) discussing the ignorance of those who don’t know, at the same time as (b) avoiding directly answering the question themselves:

“What is the difference between interdisciplinary, cross curricular and multi disciplinary?”

Great question. In Building the curriculum 3 – a framework for learning and teaching (BTC3), Education Scotland (ES) states:

Effective interdisciplinary learning:
> can take the form of individual one-off projects or longer courses of study
> is planned around clear purposes
> is based upon experiences and outcomes drawn from different curriculum areas or subjects within them
> ensures progression in skills and in knowledge and understanding
> can provide opportunities for mixed stage learning which is interest based.

Notice the carefully avoided definition. If you go to ES’s page What is interdisciplinary learning? there is another paragraph not telling you what IDL is, together with a link to the wrong page in BTC3. It says:

Interdisciplinary learning enables teachers and learners to make connections across learning through exploring clear and relevant links across the curriculum.

If you find any of those (clear and relevant links across the curriculum) in the Es and Os, let me know. Two broad types of IDL are described in BTC3, “which, in practice, often overlap”:

  • Learning planned to develop awareness and understanding of the connections and differences across subject areas and disciplines.
  • Using learning from different subjects and disciplines to explore a theme or an issue, meet a challenge, solve a problem or complete a final project.

According to Ivanitskaya et al, (2002), the characteristic of IDL is the integration of multidisciplinary knowledge across a central theme or focus. So IDL is MDL? And it goes across a theme? So they’re the same thing? Dictionary time.

interdisciplinary: adjective
relating to more than one branch of knowledge. (So, BioPhysics is interdisciplinary.)

multidisciplinary: adjective
combining or involving several academic disciplines or professional specialisations in an approach to a topic or problem. (Like building a house: Plumber, brickie, joiner, electrician.)

cross-curricular: adjective
involving curricula in more than one educational subject. (Speed, distance and time is in Maths and Physics)

Got it? IDL relates to more than one subject and may take a multidisciplinary approach and is probably cross-curricular. Cross-curricular doesn’t necessarily mean interdisciplinary. IDL might not be multidisciplinary.

Comments welcome!

Lisa Boncheck Adams

There’s a lens in every piece of writing and an agenda in most. In George Veletsianos’ Networked Scholars course this week, we are asked to engage with Zeynep Tufekci‘s blog post, which is a piece of emotive writing about another piece of emotive writing in the Grauniad by Emma Keller, about another piece of emotive writing by Lisa Adams, who is blogging about grief and her own battle with cancer.

Each piece takes a stance. Lisa’s stance is perhaps the most authentic as the writing is her own about her own experience. I’m not sure the blog she writes is one I would subscribe to but I understand why she does it: in the same situation, I am likely to be just as loud about it, for at least as long as it is helpful. There must come a time when writing her blog will cease to be relevant to her.

I didn’t find Emma’s article offensive or even critical: I thought she merely asked a question and certainly wasn’t what Zeynep calls “cancer-shaming”. Nor did Emma misrepresent what was happening to Lisa. If there’s fake politically-correct hysteria anywhere here, it’s in Zeynep’s squealing about Emma’s methods. The obtuseness of Zeynep’s complaints is irresponsible for whipping up emotion: for example, her response to Bill Keller’s piece on Lisa – itself tactful, insightful and personal, in my opinion – is disingenuous at best. At worst, it falsifies the content and meaning of what Bill Keller wrote in order to be further outraged.

What is evident in reading these pieces is that social media and blogs are powerful channels through which opinion may be manipulated. Rigour is not required to achieve this as readers, like the baying pitchfork-carrying mobs in a Hammer Horror, respond with such Twitter outrage that the offending item is removed, as in the case of Emma Keller’s article. The Kellers wrote in even tones using moderated language about a woman coping through writing publicly. What Zeynep Tufekci did was to twist that into something very nasty.

Computing: how young is too young?

TCHow does a child open a door in the modern world? Children’s worlds are increasingly driven by algorithms. At what age are they able to understand these, and use their own? We need to consider how young children learn about computing:

  • Who has the responsibility and how do we support them?
  • What resources do we have and what else do we need?
  • When is too young, when is too late?

On Wednesday 12th November at 5.30pm, the University of Edinburgh will be hosting a forum in memory of Tom Conlon which will engage with these questions through expert perspective and interaction with participants.

You are invited to join us, either:

Dr Tom Conlon had a rare ability to make an impact in many diverse arenas. As a teacher, and as a lecturer at Moray House School of Education, his influence in the field of Information Technology is widely acknowledged. This forum commemorates Tom Conlon’s unique contribution by continuing to tackle relevant and important issues in education and computing.

For more information, visit www.children-and-technology.ed.ac.uk/tomconlonmemorial2014 or download the flyer here.

 

Productivity of a new researcher

I’ve spent part of the summer preparing to begin a six-year research project alongside my day job in initial teacher education at the University of Edinburgh. Time is possibly the scarcest resource I have and that preparation has involved assessment and selection of systems that will enable me to be efficient, effective and productive. Here’s what I have in current use.

To-do

logo2Keeping a handle on things I have to do, prioritising and postponing according to progress, is essential to getting things done.

rememberthemilk.com provides this functionality through a web interface which includes a calendar feed and the ability to add new tasks by sending an email to a private address. A Chrome extension shows the RTM current list within the Google calendar web view and allows task completion or postponing.

Calendar

Google Calendar – or rather, several google calendars – allow me to manage the various demands on my time and keep an eye on events of interest that I’m following. Synching the calendars to the Calendar app on my mac and mobile devices means I know where I’m supposed to be at any time, and what gaps exist for new opportunities. New events (such as seminars booked through services like eventbrite) can quickly be added to the calendars by downloading an ics file. The RTM list and timed events appear within the calendar. On the mac, dates within emails can be directly viewed in your calendar and optionally added, allowing fast and selective adding of new opportunities such as seminars.

Workspace

WikiMy study, reading and research diary needs to be quick, easy and searchable. I have set up a MediaWiki installation on my server at http://cullaloe.net/w and given my supervisors write access to allow public commentary and guidance that is similarly searchable. I like the wiki markup which is just a small step from plain text – it provides very rapid content-focused editing and light touch formatting.

I have used a couple of extensions for in-page references (Cite) and to make it easy to insert citations (Bibtex) to papers and books I am reading, by copying references from Mendeley and pasting directly into the page.

Citation Manager

logo-mendeleyThe tool of choice here is Mendeley, which is a cloud-based bibliography manager with easy import from many formats (including books on Amazon, Google Scholar and the academic libraries). It has a “Save to Mendeley” bookmark for rapid extraction from webpages and a desktop application that synchs automatically to the web database. What I really like about this software is that it allows groups of references to be created which are automatically saved in BibTex files, one per group, which makes compilation against LaTeX seamless.

Paper/thesis creation

200px-LaTeX_logo.svgWhat else? LaTeX – I use the TexShop environment on my mac – produces beautiful documents (output to pdf) in a few keystrokes without any worries about formatting, compatibility or platform, and the almost transparent inclusion and rendering of bibliographies, tables of contents, margin notes, tables, figures and images.

Clippings

Evernote-logo-e1362251497276The handiest tool I have to quickly grab things I want to refer to later is Evernote. It has the quick post facility within my browser and the ability to forward emails out of my inbox to a less in-your-face place for later review and action. There’s also a nice desktop app to complement the easy web interface. Notebooks can be organised any way to suit you and can be bundled together to manage the important separation between different workflows.

Storage

Dropbox-LogoDropbox is one of the services I use for cloud storage. All source files and working documents are kept here. I’ve been using Dropbox long enough to have earned additional storage free of charge but most of that is taken up in the backup of files for my teachers’ site at sptr.net.

In addition to DropBox, I also make use of I also make use of copy.com which works in a similar way. Significantly, I do not use Google’s GDrive because I dislike how it works, as much as I dislike Google docs. Having been stung by Google’s sudden removal of services I’ve relied on in the past, such as bookmarks, I am reluctant to rely too heavily on them.

Cost

All of these tools, services and software are free. There are paid services but I am a light enough user not to incur the need to pay the subscription for any of the services mentioned here. That’s not to say I’m not willing to pay for these services because they are worth it, but the price points are disproportionate for most of them so I don’t volunteer cash I don’t have to spend. Service providers, take note: less is more. Cut your fees and more will pay. I do have a Premium Evernote account but only because it’s on promotion with O2 at the moment. You will not find Microsoft products on any technology I own.

Workflow

I always take pens and good-quality plain paper notebooks with me wherever I go. Email is ever present on a mobile device or laptop, as is my calendar, dropbox and browser. Also mobile but less central to hour-by-hour workflow are Evernote and Mendeley. I manage RTM only via a browser, and editing the workspace wiki is easily done there also. Chrome is my browser of choice on all of my devices – all the bookmarks synch automatically. It is likely that I will try other tools from time to time but I do not have the luxury of time to trial alternatives: my focus has to be on being effective if I am to meet current aspirations and obligations.

I hope this entry has been of interest – please get in touch if you have a suggestion to make, especially one that might make my life easier.

When busy bees lose the plot

OK, I have all this stuff to do but somehow I just can’t get focused on doing it. I seem to be stuck here, in the wrong place, doing something that just isn’t my priority right now.

Don’t get me wrong, I like being a bee and collecting pollen and all that stuff for the hive but honestly, I’m knackered. I just want to sit here and look at – what is that, anyway? Some kind of pipe. Interesting. I like pipes. Think I’ll blog about pipes.

Where was I? Oh, yeah. I’m going to go and get some of that pollen. For the hive. Because it’s what I’m supposed to be doing right now.

Hacking the Canon Powershot SX20 IS

I’ve had my Canon Powershot SX20 IS camera for a few years now and have always regarded it as a stepping-stone to a better, “proper” camera. The problem is I have never quite got to the point where I can justify shelling out the considerable wonga to take the next step.

What I’d like is a modern digital equivalent to my brilliant old Nikon FM that served me well for a number of years, with up to date features as well as the best of the old. Two things in particular have annoyed me about the SX20 – the maximum exposure time of 15 seconds and the digital compression which irrationally leaves me with FOMO – something is missing from my photographs.

Having resolved not to spend a grand on a new camera, instead I lobbed a hundred quid into the Physics Pixies UNICEF appeal and set about altering the camera I have to deal with the two “problems”. The alterations amount to a firmware update using the CHDK (Canon Hack Development Kit) firmware addon. This is now an open-source project built on the work of programmer VitalyB’s RAW enabler and Andrei Gratchev’s development kit. The firmware update now includes a number of other really nice features including time-lapse, motion detection and bracketing of exposure and focus.

Finding out the camera’s firmware

The EXIF data in a digital photograph tells you quite a lot about the camera that took it and the settings used – see, for example, this picture on Flickr. Click “show EXIF”. This tells me almost but not quite enough about the firmware Revision – 1.02 rev 2.00. Your camera will tell you, though. First, create an empty file called ver.req in the root of the SD card. I did this on a MacBook Pro with the SD card in a slot on the laptop by issuing these commands:

$ cd Volumes/CANON_DC/
$ touch ver.req

Put the card in your camera and start it up in playback mode. From the main screen (should be displaying NO IMAGE for no images on the card), press FUNC SET and DISP. buttons and the camera will display a screen like this for about 5 seconds:

IMG_4842

So my firmware version is GM1.02B. Other information is available – read the CHDK wiki for more.

Getting the firmware update

There are lots of different versions of the CHDK available and it seems to be important that you get the right one. Visit the download page and click the link to the stable build – this takes you the list of available versions. Obviously, pick the right one for your camera – the SX20 files are near the end of the page. I went for this one:

sx20-102b-1.2.0-3537-full.zip

I downloaded and unzipped the archive locally, then removed the quarantine tag from the binary (something the OSX archive utility does to protect you from yourself):

$ xattr -d com.apple.quarantine DISKBOOT.BIN

Choosing the load method

There are two possible methods to set up your camera with this new software, neither of which alters the camera’s installed firmware. In the first and simplest, the SD card contains files that are loaded by the camera using the normal “firmware update” menu function. It doesn’t actually update the firmware: the code is loaded into RAM which means that the camera reverts to standard operation when it is switched off.

The second method requires a “bootable” SD card containing the CHDK and partitioned in the right way – a slightly more complex procedure being required to set this up. I wanted to go with the first method initially, principally because I am impatient, but discovered (because the required PS.FIR file was missing from the download archive) that the SX20 CHDK does not support the firmware update method. All the details for both methods are available on the wiki.

Preparing the SD card

First step in preparing for the “bootable” method is to partition and format the SD card. I used the OSX disk utility to do this on an 8GB SD card, setting up a 500MB MBR partition and the rest in a second partition, both formatted as FAT. The disk utility seemed to throw an error after partitioning and didn’t mount the first partition at this stage.

The next step requires the first partition to be unmounted anyway, as we convert it to a FAT16 partition by issuing this command using the appropriate disk identifier (disk1s1 in my case):

$ sudo newfs_msdos -F 16 -v Canon_DC -b 4096 -c 128 /dev/disk1s1

Ejecting and re-inserting the SD card shows the new partition arrangement is OK and both partitions mounted. The next step is to make the card bootable – first, by invoking the fdisk utility (you type the bold bits):

$ sudo fdisk -e /dev/disk1
fdisk: could not open MBR file [] No such file or directory <== IGNORE THIS
fdisk: 1> setpid 1
Partition id ('0' to disable) [0 - FF]: [B] (? for help) 1
fdisk:*1> write
Device could not be accessed exclusively.
A reboot will be needed for changes to take effect. OK? [n] y
Writing MBR at offset 0.
fdisk: 1> exit

Next, we have to edit the SD card’s Master Boot Record. Get a copy of it locally by issuing this:

$ sudo dd if=/dev/disk1s1 of=BootSector.bin bs=512 count=1

Remember to use the correct disk identifier (disk1s1 in my case). If you get “Resource busy”, it’s because the first partition is mounted – unmount (do not eject) it and try the dd command again. Next, the BootSector.bin file needs to be edited – I used HexEdit.app – to overwrite from position 0x40 the word BOOTDISK:

bs

You should finish up with a file that’s still exactly 512 bytes that you can dd back to the SD card boot partition:

$ sudo dd if=BootSector.bin of=/dev/disk1s1 bs=512 count=1

Remounting the partition (using disk utility), the final step in preparing the SD card is to copy the CHDK files over. The file DISKBOOT.BIN (and PS.FI?, if you have it) goes in the first partition, everything else from the archive goes in the second, larger partition.

Finally

Eject the card and move the lock switch to the LOCK position (this is required to make CHDK operate – in the UNLOCK position, it’s just a normal Powershot but limited to the first partition). Put the SD card in the camera and start it up – you’ll notice a new splash screen:

IMG_1865

You’ll also see some new items, like a battery monitor, but most of the CHDK functions are accessed through their own menus – you (and I) will have to spend a little time with the user manual, but look out for results on BlipFoto, Flickr or maybe even 500px.

GTCS Professional Update

IMG_5843The General Teaching Council for Scotland has for the past few years been preparing for the introduction of a scheme of re-accreditation for teachers, required as part of the legislation which saw it gain “independence” from Government in 2012.

As with every other public body with an education remit, the GTCS can no doubt show that it has consulted widely and has “a regard to any views expressed by those consulted” [1]. The GTCS leadership have been at pains to distance itself from the competency overtones of the term “re-accreditation” and has positioned the professional update scheme, which goes live next week, as an enhancement of the annual professional review and development (PRD) process.

According to the GTCS website, I have to engage in the professional update process in August but, as with every other public body with an education remit, getting a clear statement of exactly what it is I have to do is difficult. I have a suspicion from talking to those involved in the pilot process that in the end, anything that from 500 yards looks like a duck, will be called a duck. “It’s a skoosh”, according to one participant.

This is familiar territory to anyone who has used the COSLA myjobscotland website, which is clearly designed to show how the official bodies are working hard to operate an open, equal and fair process but which in fact delivers an awkward, dysfunctional and frustrating exercise in time-wasting for potential applicants. Reading Kafka is great preparation for using this site if you’re considering it.

So, it’s August next week and, like a lot of teachers, I have a lot of things to do during the so-called holiday period, including preparing for Professional Update. From the GTCS website today:

28. When will I be required to complete the Professional Update process for the first time?

From my GTCS number, I will be required to complete Professional Update in 2014/15.

29. How should I be preparing for Professional Update?

“From August 2014, engagement in the Professional Update process will be a condition of registration with GTC Scotland. National implementation will be on a phased basis, as outlined in the question above. Teachers will not be asked to provide retrospective evidence in the PRD process prior to 2014. GTC Scotland will continue to take every opportunity to communicate with the profession to ensure that all teachers are aware of the timescale of implementation, and what will be required of them to complete the Professional Update process.”

A paragraph of text which doesn’t answer the question by stating that GTCS will take “every opportunity” to answer the question. So, I get that this is something to do with the PRD process, which from the past decade I’ve spent in education, is a futile ticky-box role-playing exercise with absolutely no value whatsoever to me, the people I teach, nor the service. OK, I think I’m ready for that.

WordPress XML-RPC Attack

This week, one of my sites, sptr.net, has been under a co-ordinated and sustained attack from what appears to be a botnet – a collective of several hundred virus-infected computers running Microsoft Windows. The attack comprises attempts to use the remote procedure call methods built into WordPress to post unauthorised content.

Detection

I was notified by one of my independent monitoring services that the site was having trouble some time after the attack began. It appears that once triggered by the attacker, it takes a while for the command to spread to a significant number of infected machines – this is reasonable if you assume the greatest number of infected PCs is in the USA. The attack peaked around the middle of the day in Scotland, coincident with the switching on of computers as the sun moved East to West across the continental US. Although the server remained operational, it was struggling to continue to respond to requests in a reasonable time as the CPU usage soared way above 1000% of nominal maximum. A look at the top processes on the server showed that it was trying to keep things together:

  PID USER      PRI  NI  VIRT   RES   SHR S CPU% MEM%   TIME+  Command
12345 xxxxxxx    20   0 55992 36080  7128 R 49.0  6.9  0:15.73 [see below]
12346 xxxxxxx    20   0 56036 36124  7188 R 46.0  6.9  0:04.96 [see below]
12347 xxxxxxx    20   0 55940 36076  7128 R 46.0  6.9  0:03.82 [see below]
12349 xxxxxxx    20   0 55912 35908  6984 R 46.0  6.8  0:07.88 [see below]
12340 xxxxxxx    20   0 55976 36116  7180 R 46.0  6.9  0:03.59 [see below]
12342 xxxxxxx    20   0 55940 36064  7128 R 44.0  6.9  0:07.21 [see below]
12341 xxxxxxx    20   0 55948 36140  7196 R 44.0  6.9  0:34.79 [see below]
12343 xxxxxxx    20   0 55972 36248  7276 R 44.0  6.9  2:20.11 [see below]

The command attempted showed that it was an attack on a php script:

/usr/bin/php-cgi -c /var/www/vhosts/sptr.net/etc/php.ini

Further investigation

Looking at the server access logs identified the specific script targeted by the attacker, the machines and methodology involved. The range of IP addresses showed that the infected PCs were world-wide (in the sample below, India, Poland, Egypt, Thailand, Algeria, Brazil and Pakistan).

106.76.44.110 - - [10/Jul/2014:14:03:19 +0000] "POST /xmlrpc.php HTTP/1.1" 200 159 "-" "Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)"
194.50.157.187 - - [10/Jul/2014:14:03:34 +0000] "POST /xmlrpc.php HTTP/1.1" 200 159 "-" "Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)"
41.235.83.103 - - [10/Jul/2014:14:03:43 +0000] "POST /xmlrpc.php HTTP/1.1" 200 159 "-" "Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)"
171.6.204.105 - - [10/Jul/2014:14:03:54 +0000] "POST /xmlrpc.php HTTP/1.1" 200 159 "-" "Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)"
41.107.87.186 - - [10/Jul/2014:14:04:04 +0000] "POST /xmlrpc.php HTTP/1.1" 200 159 "-" "Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)"
179.186.51.47 - - [10/Jul/2014:14:04:06 +0000] "POST /xmlrpc.php HTTP/1.1" 200 159 "-" "Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)"
39.44.61.247 - - [10/Jul/2014:14:04:14 +0000] "POST /xmlrpc.php HTTP/1.1" 200 159 "-" "Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)"

Mitigation

Restarting the VPS container made no difference. CPU usage remained very high. Installing a plugin to disable XML-RPC in WordPress seemed to make things better, probably because of the response time improvement but as the day progressed, the attack seemed to abate and the server was coping better with CPU usage falling below 100% nominal maximum. The log sample above is from today, when the attacks have fallen to a few per minute instead of the hundreds per second on Tuesday. It looks like the botnet is learning that there are robust passwords on the system that will take too long to guess and is giving up.

Brute force solution

I’m not happy with this constant knocking at my door, however, so have decided that I don’t need a door there at all. Removing the target script doesn’t directly affect the rate of attack, it changes the 200 response to a 404 (page not found), which is quickly delivered.

94.55.132.13 - - [10/Jul/2014:14:09:13 +0000] "POST /xmlrpc.php HTTP/1.1" 404 430 "-" "Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)"