The Computer Breach
This post is about a serious breach of computer security that occurred in the last weeks of term last year, affecting thousands of UAlberta users, including me. This post has been created by drawing from numerous sources, including mass emails, news reports, and official blog posts and news releases. There are, however, still unanswered questions that I will explore, and some of the implications of this event.
The Breach
Between November 17 and December 8, 2016, a breach of computer security occurred on the UAlberta North Campus. A forensic analysis determined that 287 computers in 20 classrooms and labs in the Knowledge Commons, CSC, and CCIS had keylogger malware installed on them. This breach was detected on November 22, 2016, and potentially compromised the security of 3,323 passwords belonging to students, staff, and faculty. A further investigation by EPS and the UAlberta IST forensic team determined that another 17 computers were affected, potentially putting another 19 people’s passwords at risk.
The Notifications
A total of 3,304 students, staff, and faculty who had logged into the affected computers during this period were notified of this breach by mass email on November 23, 2016, sent by the Chief Information Security Officer (CISO) of the Office of the Vice-Provost and Associate Vice-President (Information Services and Technology).This message confirmed most of the above information and recommended a course of action that included changing our passwords and monitoring our accounts for suspicious activity. After changing my password, I replied to that email, asking for more information about the malware; I sent the same message again on December 1, 2016 because I did not receive a reply to my first message. I got a reply from the CISO on December 7, 2016 that assured me that no actual information had been obtained due to the workings of the security software (more on this below). The delay in responding was for security reasons, because the investigation was still underway.
So imagine how badly I was freaking out the morning of December 19, 2016, when I wasn’t able to log in to check my email. Or any UAlberta account. My first thought was that the attacked had not only taken my old password, but the keylogger was running on the computer I used to change my password in November. I immediately called IST, where there was an uncharacteristically long delay. The thought, “I have a bad feeling about this” kept racing through my mind. This, however, just turned out to be a mandatory password reset for everyone who had potentially been exposed to the malware; in case you ignored the previous advice to change your password, you were now being forced to change it. Er, no advance warning or anything?
All along, information about this breach was hard to come by. In fact, I’ve gotten much information from articles by CBC Edmonton and the Edmonton Journal, and only rarely from official UAlberta sources. Finally, on January 5, 2017 there was a positive gusher of information sent in an email, as well as posted to the IST blog. I suspect the timing was not a coincidence: the Edmonton Journal had just published an article about the security breach in that day’s newspaper.
The Accused/The Charges
According to news reports, the accused is 19-year-old UAlberta student Yibin Xu. Xu was not named in any official announcements from UAlberta. A search using the UAlberta Directory did not turn up any matching person. Perhaps this student’s status as a student--or, at the very least, their UAlberta computing privileges--were revoked. According to EPS, Xu has been charged with mischief in relation to computer data, unauthorized use of computer services, fraudulently intercepting functions of a computer system and use of a computer system with intent to commit an offence.
Xu was to appear in court on January 10, 2017. I have not been able to find any information about Xu’s plea on this date.
The Protection
UAlberta classroom and lab computers are protected by antimalware software, including Zemana Anti-Keylogger. In the email I received directly from the CISO, there were “blank logger output files resulting from the encrypted inputs” making this incident, technically, a potential breach, not an actual breach. This makes me feel a bit better. However, I have not been able to obtain the name of the malware. Although this might seem like an, er, academic exercise, it’s important for at least three reasons. 1) I want to be sure that all of my anti-malware specifically includes the signature for the malware that I potentially encountered, 2) I would like to know more exactly how the malware works and (more importantly) how it spreads, and 3) whether this was existing malware used by a script kiddie or (much more seriously) custom malware deployed by the accused, specifically tailored to penetrate the UAlberta defences.
The Implications
The last point is important. Why would someone go to 304 different computers, installing keylogger malware on each one? Aside from the time investment required to craft, modify, or at least obtain the malware, how long would take it take to load this software on all those computers? Did Xu have to go to each computer, installing the malware from a thumb drive (which would not require any identifying logon or authentication). Say it takes 30 seconds. That’s a time investment of over 2.5 hours. It’s not clear whether the harvested data would be automatically uploaded, but that’s the most likely scenario. Then, however, you have to sift through all of that data looking for someone logging in. That’s got to take a while, too.
Here are three plausible reasons to go through all this trouble. First, just to prove it could be done. Yeah, malware writers do things for dumb reasons like this; bragging rights. But bypassing commercial anti-malware software doesn’t have to be done on campus, where you’re risking quite a lot for not very much. Thrill of the chase? Maybe, but I doubt it. Virus-writing has come a long way since those early days of macho competition.
Second, a desperate need. You’re failing courses badly. You need some kind of “competitive advantage.” If only you could log into your fellow students’ account, you might be able to steal their lab reports, computing science assignments, and more. While you’re at it, you could also grab some instructors’ credentials. Maybe log in to their accounts at the end of term and...tweak your grades. (Hey, David Lightman did it in War Games!) But isn’t that a lot of work for very little reward and high downside risk? Wouldn’t it be better to spend all that time, say, studying? If you get caught, you’ll be tossed out of university, stuck with a criminal record, and face potential jail time. (If the accused is a foreign student, they may be deported and not welcomed back.)
So that leaves the third possibility: What if the accused is working on behalf of someone else, like a criminal organization or even a nation state? China and Russia are known to have been behind state-sponsored malware attacks. I don’t think I want to know how many criminal groups are happily writing ransomware and other nasty shit--witness recent attacks on Carleton University and the University of Calgary last year.
I’ve been hit by malware before. Once, years ago, my computer contracted the Chernobyl virus, which managed to bypass Norton Internet Security. I actually had to bring my computer in for service to kill that one off--one of the few times I’ve ever had to pay someone to fix my computer. (If I ever see Chen Ing-hau, remind me I owe him a punch in the face.) Another time, my office computer was somehow infected with a rootkit, which took many frustrating hours to remove. Now, I’m armoured to the teeth with firewalls, anti-virus, anti-malware, anti-keylogger software, which do NOT give me any false sense of security. I continue to abide by best practices. But none of us need the worry and hassle of malware on university computers. As far as I’m concerned, they oughta throw to book at Xu.
Lastly, I know I’ve tossed many brickbats IST’s way. They’ve deserved them. But this time, I offer a bouquet: Nice job. Detecting this serious problem in 5 days, and managing to identify the culprit (sorry, accused) means that we at UAlberta don’t end up in the same situation as UCalgary. Because nobody wants to end up like Calgary. (Sorry, couldn’t resist.)
Why aren't you studying?
The Breach
Between November 17 and December 8, 2016, a breach of computer security occurred on the UAlberta North Campus. A forensic analysis determined that 287 computers in 20 classrooms and labs in the Knowledge Commons, CSC, and CCIS had keylogger malware installed on them. This breach was detected on November 22, 2016, and potentially compromised the security of 3,323 passwords belonging to students, staff, and faculty. A further investigation by EPS and the UAlberta IST forensic team determined that another 17 computers were affected, potentially putting another 19 people’s passwords at risk.
The Notifications
A total of 3,304 students, staff, and faculty who had logged into the affected computers during this period were notified of this breach by mass email on November 23, 2016, sent by the Chief Information Security Officer (CISO) of the Office of the Vice-Provost and Associate Vice-President (Information Services and Technology).This message confirmed most of the above information and recommended a course of action that included changing our passwords and monitoring our accounts for suspicious activity. After changing my password, I replied to that email, asking for more information about the malware; I sent the same message again on December 1, 2016 because I did not receive a reply to my first message. I got a reply from the CISO on December 7, 2016 that assured me that no actual information had been obtained due to the workings of the security software (more on this below). The delay in responding was for security reasons, because the investigation was still underway.
So imagine how badly I was freaking out the morning of December 19, 2016, when I wasn’t able to log in to check my email. Or any UAlberta account. My first thought was that the attacked had not only taken my old password, but the keylogger was running on the computer I used to change my password in November. I immediately called IST, where there was an uncharacteristically long delay. The thought, “I have a bad feeling about this” kept racing through my mind. This, however, just turned out to be a mandatory password reset for everyone who had potentially been exposed to the malware; in case you ignored the previous advice to change your password, you were now being forced to change it. Er, no advance warning or anything?
All along, information about this breach was hard to come by. In fact, I’ve gotten much information from articles by CBC Edmonton and the Edmonton Journal, and only rarely from official UAlberta sources. Finally, on January 5, 2017 there was a positive gusher of information sent in an email, as well as posted to the IST blog. I suspect the timing was not a coincidence: the Edmonton Journal had just published an article about the security breach in that day’s newspaper.
The Accused/The Charges
According to news reports, the accused is 19-year-old UAlberta student Yibin Xu. Xu was not named in any official announcements from UAlberta. A search using the UAlberta Directory did not turn up any matching person. Perhaps this student’s status as a student--or, at the very least, their UAlberta computing privileges--were revoked. According to EPS, Xu has been charged with mischief in relation to computer data, unauthorized use of computer services, fraudulently intercepting functions of a computer system and use of a computer system with intent to commit an offence.
Xu was to appear in court on January 10, 2017. I have not been able to find any information about Xu’s plea on this date.
The Protection
UAlberta classroom and lab computers are protected by antimalware software, including Zemana Anti-Keylogger. In the email I received directly from the CISO, there were “blank logger output files resulting from the encrypted inputs” making this incident, technically, a potential breach, not an actual breach. This makes me feel a bit better. However, I have not been able to obtain the name of the malware. Although this might seem like an, er, academic exercise, it’s important for at least three reasons. 1) I want to be sure that all of my anti-malware specifically includes the signature for the malware that I potentially encountered, 2) I would like to know more exactly how the malware works and (more importantly) how it spreads, and 3) whether this was existing malware used by a script kiddie or (much more seriously) custom malware deployed by the accused, specifically tailored to penetrate the UAlberta defences.
The Implications
The last point is important. Why would someone go to 304 different computers, installing keylogger malware on each one? Aside from the time investment required to craft, modify, or at least obtain the malware, how long would take it take to load this software on all those computers? Did Xu have to go to each computer, installing the malware from a thumb drive (which would not require any identifying logon or authentication). Say it takes 30 seconds. That’s a time investment of over 2.5 hours. It’s not clear whether the harvested data would be automatically uploaded, but that’s the most likely scenario. Then, however, you have to sift through all of that data looking for someone logging in. That’s got to take a while, too.
Here are three plausible reasons to go through all this trouble. First, just to prove it could be done. Yeah, malware writers do things for dumb reasons like this; bragging rights. But bypassing commercial anti-malware software doesn’t have to be done on campus, where you’re risking quite a lot for not very much. Thrill of the chase? Maybe, but I doubt it. Virus-writing has come a long way since those early days of macho competition.
Second, a desperate need. You’re failing courses badly. You need some kind of “competitive advantage.” If only you could log into your fellow students’ account, you might be able to steal their lab reports, computing science assignments, and more. While you’re at it, you could also grab some instructors’ credentials. Maybe log in to their accounts at the end of term and...tweak your grades. (Hey, David Lightman did it in War Games!) But isn’t that a lot of work for very little reward and high downside risk? Wouldn’t it be better to spend all that time, say, studying? If you get caught, you’ll be tossed out of university, stuck with a criminal record, and face potential jail time. (If the accused is a foreign student, they may be deported and not welcomed back.)
So that leaves the third possibility: What if the accused is working on behalf of someone else, like a criminal organization or even a nation state? China and Russia are known to have been behind state-sponsored malware attacks. I don’t think I want to know how many criminal groups are happily writing ransomware and other nasty shit--witness recent attacks on Carleton University and the University of Calgary last year.
I’ve been hit by malware before. Once, years ago, my computer contracted the Chernobyl virus, which managed to bypass Norton Internet Security. I actually had to bring my computer in for service to kill that one off--one of the few times I’ve ever had to pay someone to fix my computer. (If I ever see Chen Ing-hau, remind me I owe him a punch in the face.) Another time, my office computer was somehow infected with a rootkit, which took many frustrating hours to remove. Now, I’m armoured to the teeth with firewalls, anti-virus, anti-malware, anti-keylogger software, which do NOT give me any false sense of security. I continue to abide by best practices. But none of us need the worry and hassle of malware on university computers. As far as I’m concerned, they oughta throw to book at Xu.
Lastly, I know I’ve tossed many brickbats IST’s way. They’ve deserved them. But this time, I offer a bouquet: Nice job. Detecting this serious problem in 5 days, and managing to identify the culprit (sorry, accused) means that we at UAlberta don’t end up in the same situation as UCalgary. Because nobody wants to end up like Calgary. (Sorry, couldn’t resist.)
Why aren't you studying?
What I Did on my Christmas Holiday (2016 edition)
I hope you had a good Christmas holiday period! (That's the official UAlberta name for it, by the way.) Campus looks pretty for the holidays. Back when I was a student, there were no decorations like this.
Since you're wondering, here's what I did during the break.
(Why do kids have to get up so early on Christmas day?)
One thing I did over the break was get my car fixed. As I was heading to work for my last office hour of Fall term, I stopped for a yellow light--but the person behind me decided to go through it. Yeah, you can guess what happened. No, no one was hurt (except my poor car). The other person decided to pay for my repairs himself, rather than go through insurance. This can be dicey. I'm glad everything worked out, though. It was good (?) this happened between terms, so I wasn't stuck without a vehicle. The worst part about this? Remember that I was going to work for my last office hour? Guess how many people showed up to my office. Yeah: zero. Ugh. I should have stayed home.
(Crunch!)
Holiday time means I get to spend time with family and friends. My eldest daughter was super excited to see Rogue One: A Star Wars Story. Me, not so much--not after last year's Episode VII. (No, I didn't didn't like much; I felt betrayed by it, as a long-time Star Wars fan. Although it felt repetitive--like watching Episode IV from a parallel universe--I think I know why. The short answer is, well, you have to read Mike Klimo's Star Wars Ring Theory. If J.J. Abrams is clever enough to be extending the ring through this new trilogy, I may change my mind about it. Especially if Rey is both a Kenobi and a Palpatine...). Oh, as for Rogue One? Loved it.
Since my kids were off school, we did some family activities, like sledding:
(No, I didn't actually get on a sled and risk breaking my neck.)
We also made a recipe from a book that I've had since I was a kid: Possum's honey bread:
(Mmm, the smell of fresh bread on a cold winter's day!)
I spent some time catching up with some reading, including Wired DesignLife, a gorgeously designed magazine about gorgeously designed things. Looking at these artistically created products on a screen is nothing like holding the thick glossy pages of a magazine in your hands.
(I still prefer the feel of paper in my hands.)
Break time wasn't all about sleds and breads--I did a lot of work prepping for Winter term courses. I'm going to be trying some new things this term that I hope work out. If not, well, I tried. I don't just want to be doing the same old, same old all the time. I guess it's fitting that I spent much of the end of the year looking ahead to the new one.
Are you glad it's 2017? Many people are. There seemed to be so many lousy things going on (Brexit, the Fort McMurray wildfire, the economy, celebrity deaths, and don't even get me started on Trump. No surprise that so many people couldn't wait for 2016 to be over.
(John Oliver, Last Week Tonight: F*ck 2016)
Let's hope for the best in 2017!
Why aren't you studying?
Sunday, January 8, 2017
Posted by
Karsten A. Loepelmann
at
7:55 PM
|
Labels:
behind-the-scenes,
miscellaneous
The Awards: 15
It's that time again, the Department of Psychology's Spring and Summer Teaching Honour Roll--er, six months after the course ended. (To be fair, it's only--er, four months after summer term ended.) Okay, whatever. I'm just happy to be nominated, etc., etc. Oh, and I'm also happy to have gotten on the Teaching Honour Roll with Distinction. Woot!
Thanks to those who do complete the online form. If you think doing so is a waste of time, I would ask you to reconsider. Teaching evaluations form an important core of the evaluation of instructors every year. If there's no data, it can affect future teaching.
Important note: The Department of Psychology will no longer be offering courses in Summer term. Only Fall, Winter, and Spring. Adjust your plans accordingly.
Here are some selected comments (danger: some replies may contain sarcasm!):
Yeah, the worst thing about this class was that construction business. Many of us have...issues with the building manager (who was not only unable to find the source of the construction noise, but was unaware that there was construction happening at all--even though the people at Classroom Bookings new about it). My sincere apologies for the disruption.)
Hm. Not so much sarcasm after all. Must be the eggnog. (More nog than egg.)
Why aren't you studying?
Thanks to those who do complete the online form. If you think doing so is a waste of time, I would ask you to reconsider. Teaching evaluations form an important core of the evaluation of instructors every year. If there's no data, it can affect future teaching.
Important note: The Department of Psychology will no longer be offering courses in Summer term. Only Fall, Winter, and Spring. Adjust your plans accordingly.
Here are some selected comments (danger: some replies may contain sarcasm!):
“The course was fun and interesting. However, the note taking was tricky. Sometimes, I wished the Professor had the words that we needed to copy down underlined. I would often find myself deeply engrossed in the material being taught only to realize that I had missed a few words.”(Yeah, I hear this a lot. I've tried underlining the fill-in words in my PowerPoint slides, but this had the unintended consequence of students paying attention only long enough to fill in the word. Then they went back to chatting, or doing unrelated stuff on their laptops and phones. Later, when they realized they didn't actually understand anything, they wanted me to explain it all to them. Which I already did in class. That kind of takes a lot of the fun out of teaching. So look, if you miss a word or two, come up at the end of class and I'll give you the words you missed. I'm not going to be grouchy about it or anything. That's why I end class a couple of minutes early, BTW.)
“Perhaps make clicker participation worth a bit more? Sometimes the pace was a bit slow, so it was easier to get distracted, but otherwise this was an excellent course and(Thanks for the feedback on clickers.)
professor!”
“I honestly really did not like the textbook for this course. It overlapped with the lectures maybe 30% of the time. So we had to teach ourselves at home the material in the textbook which I understand is fair but it should at least overlap with lectures a lot more than it did. It made the workload for this course double which made it hard to focus on what to study for the exam.”The issue of having to teach yourself textbook material is a separate issue (but an important one). The class rated the textbook 4.1 out of 5. This edition has an average rating in my classes of 4.25. Although it's not the highest-rated textbook I use (the one I use for PSYCO 367: Perception), it's a strong rating. The overlap is not (all) the textbook's fault. Sometimes it's lacking important research and theories (tsk!) which I feel obligated to make up for in class. Other times, though, there are just things I'd prefer to talk about that are not the in textbook. Anyway, you wouldn't want me to just duplicate textbook material in class. Trust me on this.
“I think its a lot of material. Maybe the last section of cognitive engineering could be removed especially because the course pack section of notes is very outdated and was really hard to get through. Maybe instead the section of AI/Human intelligence could be expanded instead.”I'm looking for a more recent coursepack reading on HF/E, but nothing at the right level so far. I'll keep looking. It's important to me to keep this section in the course: it's my area, and it's all about the direct relevance of psychological research to the designed world we live in.
“Dr. L is one of the best professor at the U of A and should be in the running for next year's Last Lecture. He is the only reason I took this course. This course was NOT a requirement for my degree and was taken for pure entertainment and enjoyment. Instead of watching TV or sleeping in, I thought taking this class with Dr. L would be more fun and a great reason to get out of bed in the morning! Even though I am an average student at best, Dr. L presented the material in a way that I could understand and apply to everyday life. This is the sign of a great teacher! I could get a "D" in this class and I would still be happy with what I learned from Dr. L's entertaining teaching style. Like the old cliche goes...he could read the phone book and it would still be an awesome experience!”(Wow, thanks. Is there anything you didn't like about this class?)
“The only thing I didn't like about this class...”(Hah! I knew there was something!)
“...was the last set of readings on Applied Cognitive Psychology. It was dated and absolutely painful to read. The author was horrendous! Another bad thing that happened (which had nothing to do with Dr. L) is having the first midterm near a construction zone. It was absolutely distracting and definitely threw my first midterm grade off.”(First, do NOT nominate me for Last Lecture. No thanks. Those lectures are amazing. Like the 2016 one. Wow. But there's no way I could talk for an hour. I mean, I can teach a course and go on and on and on. But talk to a general audience? Nope.
Yeah, the worst thing about this class was that construction business. Many of us have...issues with the building manager (who was not only unable to find the source of the construction noise, but was unaware that there was construction happening at all--even though the people at Classroom Bookings new about it). My sincere apologies for the disruption.)
“I feel like more assessment could be added to the course (small assignments etc) in order to provide more testing. Some practice exams would also be useful. For me, this course was a bit too dense and long to be offered as a spring course; I find it would be much better in the fall or winter terms.”(It's hard for me to reconcile your comments: 1) the course is too dense and long, and 2) you would like a greater workload. Um, those are mutually exclusive. This is something that I've struggled with. It's still a 3-credit course, and there are the same number of classroom hours as a Fall/Winter course. So the course should be academically rigorous, and not watered down in any way. But then--it is offered over 3 weeks, which severely curtails the kind of work I can expect from students (one of the reasons why I do not teach PSYCO 282: Behavior Modification in Spring--it's impossible).
“The class was enjoyable - not boring at all. Lopelmann's silly humor and videos served as a nice diversion. Overall, this is a course and prof I highly recommend!”(It's spelled L-o-e-p-e-l-m-a-n-n. And I'm not "silly." Hmph. I'm more...goofy.)
“n/a”(o/k)
Hm. Not so much sarcasm after all. Must be the eggnog. (More nog than egg.)
Why aren't you studying?
Tuesday, December 20, 2016
Posted by
Karsten A. Loepelmann
at
4:22 PM
|
Labels:
awards,
behind-the-scenes,
teaching
The Lost Exam
In 22 years of teaching, I’ve maintained a perfect record: I have never lost anyone’s exam, quiz, or assignment. Until last week.
There have been some close calls. More than once--despite pleas and instructions--students have tucked their Scantron sheets back into the exam booklet. When the proctors, TAs, and I are madly scrambling to accept everyone’s exams when time runs out, we sometimes miss separating the sheets from the booklets. The student will later complain that they wrote the exam, but there’s no mark for them. That’s when we start digging through the bookets, one by one.
I make the proctors count the number of students at the exam. I don’t want anyone coming to me claiming that they certainly did write the exam, yes indeedy, and the absent-minded prof must’ve lost it, yup, uh-huh. So far, no one’s tried pulling this one on me, but I’ve heard urban legends...
Typically, after multiple choice exams come back from Test Scoring, I carefully go through the results, and note which students are lacking exam data. Maybe they were sick, or maybe they wrote their exams at SAS (Student Accessibility Services). If students write an exam at the SAS office, I have them hand-deliver their exams back to the Department of Psychology General Office. (Don’t worry, the exams are sealed in an envelope to prevent monkey business.) Sometimes, students don’t deliver their exams back until the next day. This is awkward, because I try to get exams scored as soon as possible (I walk them over to Test Scoring myself immediately after the exam). If I wait for exams from SAS, that delays the results for everyone.
Last week, I sent out notices to the students who were lacking data from Test Scoring, reminding them that I need documentation for any absence. One notice went out to a student who wrote the exam at SAS--and they replied right away, saying that they had delivered their exam immediately. I went back to my mailbox to check; nope, no exam. Strange. Was the student lying? Nope--the student had a return receipt with the signature of one of the Psych Department’s admin assistants: the exam had been delivered. It was just...lost.
I scanned instructors’ mailboxes in the Psychology Office. Maybe the student’s exam was put into the wrong mailbox? Nope, nothing in the boxes beside, below, or above my box. Drat. Then I started looking through everyone’s mailboxes: profs, instructors, grad.students, staff. One prof had a big stack of envelopes from SAS in her mailbox. I looked at them, but they were all addressed to her, not me. Double drat.
I went back to my office, where I had three other envelopes of exams from SAS. Was there another envelope stuck to the others? Stuck inside another envelope? On the floor? I spent half an hour scouring my office. Lots of dust bunnies on the floor. But no exam. Triple drat. My mind raced as I considered what I would tell the student. “Someone lost your exam, but it wasn’t me.” “Would you mind writing the exam again?” (Not allowed.) “Your final is going to be worth an extra 22.5%, is that OK?” (Ouch.)
These thoughts led me back to the Psychology Office. If the exam wasn’t in my office, maybe it was somewhere in the General Office. But where? Logic dictated that I look again in everyone’s mailboxes. But I looked already--didn’t I? I decided to look again, more closely this time. What about the prof with all those SAS envelopes in her mailbox?
I pulled the stack of envelopes out, looking closely at them. I saw one envelope had a sticker with the name of the student I was looking for, and then another one envelope from the same student. Both envelopes were hand-addressed to the other prof. Wha--? This one student couldn’t possibly have written two exams for that prof at the same time. Looking more closely, I saw the sticker on one envelope had a different course number on it, and the sticker on the other envelope had my course number on it. There is was: the lost exam.
Whoever had hand-addressed the envelopes at SAS had put the other prof’s name on the envelope containing the exam meant for me. It was simple human error. I was just relieved it wasn’t my errror.
My record still stands: 22 years without a single lost exam.
Why aren’t you studying?
There have been some close calls. More than once--despite pleas and instructions--students have tucked their Scantron sheets back into the exam booklet. When the proctors, TAs, and I are madly scrambling to accept everyone’s exams when time runs out, we sometimes miss separating the sheets from the booklets. The student will later complain that they wrote the exam, but there’s no mark for them. That’s when we start digging through the bookets, one by one.
I make the proctors count the number of students at the exam. I don’t want anyone coming to me claiming that they certainly did write the exam, yes indeedy, and the absent-minded prof must’ve lost it, yup, uh-huh. So far, no one’s tried pulling this one on me, but I’ve heard urban legends...
Typically, after multiple choice exams come back from Test Scoring, I carefully go through the results, and note which students are lacking exam data. Maybe they were sick, or maybe they wrote their exams at SAS (Student Accessibility Services). If students write an exam at the SAS office, I have them hand-deliver their exams back to the Department of Psychology General Office. (Don’t worry, the exams are sealed in an envelope to prevent monkey business.) Sometimes, students don’t deliver their exams back until the next day. This is awkward, because I try to get exams scored as soon as possible (I walk them over to Test Scoring myself immediately after the exam). If I wait for exams from SAS, that delays the results for everyone.
Last week, I sent out notices to the students who were lacking data from Test Scoring, reminding them that I need documentation for any absence. One notice went out to a student who wrote the exam at SAS--and they replied right away, saying that they had delivered their exam immediately. I went back to my mailbox to check; nope, no exam. Strange. Was the student lying? Nope--the student had a return receipt with the signature of one of the Psych Department’s admin assistants: the exam had been delivered. It was just...lost.
I scanned instructors’ mailboxes in the Psychology Office. Maybe the student’s exam was put into the wrong mailbox? Nope, nothing in the boxes beside, below, or above my box. Drat. Then I started looking through everyone’s mailboxes: profs, instructors, grad.students, staff. One prof had a big stack of envelopes from SAS in her mailbox. I looked at them, but they were all addressed to her, not me. Double drat.
I went back to my office, where I had three other envelopes of exams from SAS. Was there another envelope stuck to the others? Stuck inside another envelope? On the floor? I spent half an hour scouring my office. Lots of dust bunnies on the floor. But no exam. Triple drat. My mind raced as I considered what I would tell the student. “Someone lost your exam, but it wasn’t me.” “Would you mind writing the exam again?” (Not allowed.) “Your final is going to be worth an extra 22.5%, is that OK?” (Ouch.)
These thoughts led me back to the Psychology Office. If the exam wasn’t in my office, maybe it was somewhere in the General Office. But where? Logic dictated that I look again in everyone’s mailboxes. But I looked already--didn’t I? I decided to look again, more closely this time. What about the prof with all those SAS envelopes in her mailbox?
I pulled the stack of envelopes out, looking closely at them. I saw one envelope had a sticker with the name of the student I was looking for, and then another one envelope from the same student. Both envelopes were hand-addressed to the other prof. Wha--? This one student couldn’t possibly have written two exams for that prof at the same time. Looking more closely, I saw the sticker on one envelope had a different course number on it, and the sticker on the other envelope had my course number on it. There is was: the lost exam.
Whoever had hand-addressed the envelopes at SAS had put the other prof’s name on the envelope containing the exam meant for me. It was simple human error. I was just relieved it wasn’t my errror.
My record still stands: 22 years without a single lost exam.
Why aren’t you studying?
Tuesday, October 25, 2016
Posted by
Karsten A. Loepelmann
at
4:16 PM
|
Labels:
behind-the-scenes,
teaching
The Reading List (Summer, 2016)
I'm always reading something. Over the spring and summer, there's more time to read. I'm trying to make a dent in the stack of books I have. I thought ebooks were great (less clutter in my office!), but they have a downside (more clutter on my iPad!). Although I usually listen to podcasts when I'm commuting, sometimes it's nice to change it up and listen to an audio book. The Edmonton Public Library has a great selection at low cost. |
Steven Levy has been one of my favourite technology writers since I read Hackers (1984) about the early computer counterculture, which he released online for free. Insanely Great (which is not free) is his account of the development of the Apple MacIntosh. I haven’t used a Mac in 25 years, so why would I bother reading this? First, it’s like stepping into a time machine back to the early 1990s, remembering what computers were like. Floppy disks--ha ha! Plus, Levy tells a great story, and he was there--interviewing insiders at the time.text |
Why haven’t I been aware of Jim Gaffigan before now? I mean, his dad-humour is right up my alley. Heck, I could help him write his material. (Or, well, I could just steal his jokes. Whatever.) I played the audiobook (read by Gaffigan himself) in the car and my kids loved it--starting with the title: Dad is Fat. Ha ha! Funny! (I wasn't sure if my kids were referring to me or not.) You may not find this book funny if you’re not a dad, or if you’re not a kid, or if you never were a kid. But you should at least watch his Hot Pockets routine on YouTube. |
I’ve said before that Neil Gaiman is probably my favourite fiction author. The Graveyard Book was published way back in 2008, but I wanted to wait until at least one of my kids was old enough so that I could read it to her. The beginning is a bit grim (the best fairytales are, and it is Gaiman after all), but it’s not a horror book. It’s about kids being resilient and not giving up in the face of adversity. The Graveyard Book won a bunch of literary awards, and deservedly so; it is not a book just for kids. My 11-year-old loved it. |
The Brain: The Story of You is the companion book to the PBS series The Brain with David Eagleman. You might be wondering what I’m doing reading a popular book about the brain. Don’t I know all this stuff already? OK, yes I do. But I want to see what neuroscientist Eagleman is up to, and how he presents the workings of the brain to a general audience. It’s not bad, but it’s not revolutionary, either. There’s a bit too much of “your brain does this” and “your brain does that.” Um, I am more than just my brain. Maybe it’s a subtle distinction between “I woke up” and “my brain woke up”, but it’s a meaningful one. Let’s not reduce ourselves to just being our brains. (Would you say, “my brain was eating lunch” or “my brain was having sex”?) |
Tony Biglan is a behavioural scientist with decades of experience working in prevention research and public health. With so many seemingly overwhelming problems facing society, it’s enough to make you think that finding solutions is hopeless. This book will convince you otherwise. The Nurture Effect shows that behavioural sciences research has proven effective (both in terms of efficacy and cost) in reducing antisocial behaviour and substance dependence. It will take changes in individuals, families, and social policy, but there are evidence-based solutions. |
No? How about reading your textbooks then?
Why aren't you studying?
Tuesday, September 20, 2016
Posted by
Karsten A. Loepelmann
at
1:22 PM
|
Labels:
behind-the-scenes,
miscellaneous
What I Did on my Summer Vacation (2016 edition) Part 2
So...many...Elsas....
Our hotel (Art of Animation) was nicely themed, including our small Little Mermaid-themed room. Unfortunately, being a cheap room, it was far from the main building and bus stop. How far? My Fitbit calculated it to be 0.6 km away. That’s Disney World: lots and lots of walking.
A pretty typical day in Disney World.
I was looking forward to the Star Wars attractions in Disney’s Hollywood Studios. We waiting in long lines to meet “Kylo Ren” and “Chewbacca”. Maybe they were the real thing, I dunno. (I called Kylo Ren a big jerk before running out the door.) Character greetings and autographs are a big thing these days. There are long lines for princesses, especially Anna and Elsa. But the worst was Joy and Sadness, from Inside Out. We waited over 90 minutes to meet two oversize stuffies in a lineup full of impatient, screaming children (not my kids, incidentally). My favourite movie of the year so far is Zootopia, but aside from a Nick Wilde character in a parade, and a small display of character sketches in Animal Kingdom, there was nothing to see. (Marketing opportunity, Disney!)
This is one of the nicest pics I took.
There are always ups and downs when you travel with kids. Especially if one is a really picky eater, who doesn’t like scary (read: all) rides, and develops a pain in her leg so bad that you have to rent a toddler stroller in the Magic Kingdom. OK, so mostly downs. Luckily, I have another child who is a real trooper, eats almost anything, and has energy, patience, and tolerance. And is probably a better parent than me. So why bother traveling? You hope that by escaping your usual surroundings you see the world differently; you share experiences (for better or worse) that bond you together as a family. And sometimes, if you’re lucky, there are moments of joy and wonder--like watching your kids’ tired eyes light up when the Main Street Electrical Parade goes by.
Sadly, this parade is ending in October, 2016.
Of course, I didn’t spend the entire summer in theme parks (thank goodness). After spending so much time and money on our big holiday, we cut back on other things--not as many trips to the lake as we usually take. (Upside: pleased to see that Sylvan Lake has an actual beach now again. Downside: Aspen Beach at Gull Lake is overrun by wasps--avoid.) We were going to skip K-Days completely--how can that compare to Disney World? Except Rachel Platten was a featured performer this year, and I have two daughters who completely love her. So we had to go after all--in the rain. At least I got to have my annual deep-fried Twinkie. (All photographic evidence of that has been destroyed.)
Because you'd rather see a picture of Rachel Platten than me eating a Twinkie.
There were a couple of things that made me a little grumpy over the summer. I’m trying to get over that, I really am. I’m excited--a new term is starting, my classes are full of enthusiastic, energetic, hardworking students. What could go wrong? Well...I guess the Internet flaking out, freezing the classroom computers on the first two days of class...that could go wrong. Aaaaand, I’m back to being grumpy.
I'm a little grumpy. Get it?
Why aren't you studying?
Friday, September 2, 2016
Posted by
Karsten A. Loepelmann
at
8:23 PM
|
Labels:
behind-the-scenes,
miscellaneous
What I Did on my Summer Vacation (2016 edition)
I guess the biggest news is that my eldest daughter, being of the appropriate age, went to Hogwarts. Well, actually, the whole family did--to the Wizarding World of Harry Potter at The Universal Orlando Resort, that is! (Oh, and we went to that other resort in Orlando, too.) A big trip like this takes a lot of planning (and money, ouch!), but making it even harder was the fact that my wife and I tried to keep it a secret. We worked up "invitation letters" to Hogwarts for both of our daughters, and only delivered them a month before we left (not by owl, sadly).
The dragon breathes fire every 10 minutes. Nice and warm!
If you're any kind of fan, the Harry Potter-themed areas of Diagon Alley/London (in Universal Studios Florida), Hogwarts/Hogsmeade (in Islands of Adventure), and the Hogwarts Express train going between the two are mind-blowing. The attention to detail is amazing. Of course, we all had (frozen) butterbeer. Frozen, on account of the temperature being around +40 C every day. I'm not used to that kind of heat, whew!
There goes USD$7.00!
Naturally, my Potter-obsessed daughter had to do the wand-choosing ceremony in Ollivanders Wand Shop. A small group of people are allowed into a back room of the shop, and there's a brief spiel with some special effects in which the wizard guide randomly chooses one member of the group, who then tries to match the person with the right wand. If you are chosen, you do NOT get the wand for free; you still have to pay for it. It told my family that, if anyone in the family is picked, we are, under no circumstances, going to pay USD$50 for a plastic stick. And what happens? My Potter-obsessed daughter was chosen. She looked up at me with big puppy-dog eyes, and my heart melted, and I said, "No!" (It didn't melt all the way.) Lucky for her, my wife allowed her to buy the wand. Goodbye money!
They have surprisingly many expensive plastic sticks.
Of course, there are so many other cool attractions. Men In Black Alien Attack. The Simpsons. Dr. Seuss. The Hello Kitty store. I have a particular fondness for the Terminator 2: 3-D ride, formerly called T2: Battle Across Time. My then-fiancee, now wife saw that attraction when we were last in Florida 20 years ago. The Despicable Me-themed Minion Mayhem ride was really cool. One of the Universal hotels has a character breakfast with Gru and a minion. You can see that Gru is very happy to meet me! (I do a pretty good Gru voice. I told him that I was Steve Carell. He was impressed.)
Gru with "Steve Carell".
I'm also a huge Back to the Future fan, and was happy to see a DeLorean time machine on display. It is not, as is reported in some places, the B-car. It is one of several stunt cars. How can you tell? Check out the Mr. Fusion. See how tall it is? That was never in the movies--it was part of a botched restoration attempt years ago. Still looks pretty cool, though. (I contributed to the Kickstarter-backed OUTATIME documentary. If you love DeLorean time machines, you have to watch it.)
When this baby hits 88 miles per hour, you're gonna see some serious shit.
Aside from the extreme heat, and even more extreme cost (did I mention that everything is expensive?), there was another thing I didn't like: crowds. Wow, it was elbow-to-elbow everywhere. To mitigate this, however, I relied on the super-useful Touring Plans website (and their appropriately named app, Lines). There a lot of data and science behind it: the travelling salesman problem, bin-packing problem, evolutionary algorithms. Really cool stuff. They predict how busy each park will be, and also give you an estimated wait time for each attraction. I found it to be a lot more accurate than anything reported by the theme park itself. Totally worth the small amount of money they ask for a 1-year subscription.
Looks like I have to get to class. See part 2 for the rest of the trip. (As if you aren't jealous enough already!)
Why aren't you studying?
Thursday, September 1, 2016
Posted by
Karsten A. Loepelmann
at
10:09 AM
|
Labels:
behind-the-scenes,
miscellaneous
Subscribe to:
Posts (Atom)
Find It
About Me
- Karsten A. Loepelmann
- Edmonton, Alberta, Canada
- Faculty Lecturer in Psychology at the University of Alberta
Category
- awards (27)
- behind-the-scenes (198)
- exam prep (13)
- exams (13)
- learning (22)
- miscellaneous (176)
- research (8)
- studying (14)
- teaching (108)