Skip to content

Dec 8

2 Comments

A Community of Consensus

I love a good think. #el30 has felt like a lovely stretch. My mind feels exercised. 

I am rubbish at following set rules, and in that vein I have come to write this post four times and left the screen blank each time. Here goes.

Some reflections on #el30 so far

My experience is one of value. I value the ‘nobody knows you’re not a dog on the internet’ principle. Everyone in #el30 has come to it with an openness and, yes, with a layer of trust in the way they have been willing to engage with concepts that are not their specialism and post about them. The nature of the topics chosen for each week means that nobody will be ‘expert’ in all of them, Read more

Dec 6

10 Comments

The Quest for Community

This week’s #el30 topic is community. This is my second post on the topic and I’d like to begin with a couple of definitions given in the interview/chat that Stephen Downes held with Pete Forsyth. Pete said:

  • Consensus: A collection of tactics for making decisions.
  • Community is a more amorphous concept of affiliation.
  • Connection is that if you are able to have consensus, it is one of the key things in being able to form community(1:22-1:50 in the video)

Stephen then said (casually, not ominously) that ‘the internet is a trustless environment’. When using trust as a formal definition, yes, I agree. In an interesting interview article with Bruce Schneier on trust, the first line reads:

Modern society depends on trust more than we realise, and the basis for that trust is security. 

So perhaps we could swap the words in Stephen’s sentence to read: The internet is an insecure environment. –Perhaps Stephen’s quest for ‘truth’ that we keep hearing him mention may align with a quest for secure, reliable, verifiable, trusted, and true information.

Back to the topic:

For the variety of people engaging with this course, there are problems inherent with multiple definitions, contexts, and uses for words. This happens whenever research, education, and/or practice cross domains. Actually it happens when we cross cultures too. –or generations, or perspectives on so many levels. For so many reasons, it really is important to have consensus if we are to function efficiently within a system or medium or even as a community.

I wrote my initial thoughts on the theme of community, and Stephen’s comment on that post demonstrated a different lens for using that word. Community can be a fostering home as I described, but it can also be a functioning ecosystem (that’s my best description of what he described).

This week we were given a challenge to propose a task that satisfied this brief:

As a community, create an assignment the completion of which denotes being a member of the community. For the purposes of this task, there can only be one community. For each participant, your being a member of the community completes the task.

My proposed ‘community’ task

is for consensus to be achieved on a criterial definition and understanding of community. Drawing upon Pete Forsyth’s initial comment on consensus, I agree we should have a collection of tactics to do this. I propose something akin to a mathematical proof .

This difference in definition led me to start by reading a few articles. I’ve copied a couple of paragraphs from the discussion section of one article that talked about a functioning ecosystem community. I’d like to leave it here as a provocation for us to think about. I have changed a few words, appearing below in purple, simply because it makes the overall text relevant to us, as opposed to being strictly oriented to the author’s study. In the second paragraph the word node is the author’s original text. After reading the paragraphs, please do click on the source article (I think you can see the full text).

In this study, we found that the position of the node… within the network … has important ecological consequences … and the structure and integration of the graph. Nodes with a higher flow of resources, even if this comes indirectly via other nodes, have an increased chance of surviving and founding new nodes than nodes with a lower flow of resources; node size is also accounted for and does not eliminate this effect. Distance to the nearest source does not affect node survival. Resource flow through a node depends on its connections to the other node and how it fits into the broader structure of the network. The survival and budding of a node is dependent on its relationship with other node and the wider pattern of interaction between the nodes in the graph. Our results show that, despite being spatially separated, the interconnected nodes of a graph can be considered a single ecological unit, at least in terms of resource acquisition. We also demonstrate that dynamic network position can have important ecological consequences.

The flow of resources through a particular node can change over time due to other nodes in the network being gained and lost. The integrated nature of the system means that a given nest could maintain the same connections to neighboring nodes and locations but still undergo a change in the amount of resources available to it (and therefore its chances of surviving…), due to nodes being abandoned or founded elsewhere in the graph. Nodes in unprofitable areas, and therefore with a low resource flow, are more likely to be abandoned than nodes in profitable areas. These dynamics will result in the graph moving toward resources and away from unprofitable areas. For a spatially embedded network, this movement is physical movement of nodes. In networks which are not spatially embedded, such as social networks, this process could result in a network clustering around certain nodes, for example individuals with information. The reverse could also occur; a network could cluster away from specific nodes, for example diseased individuals in a social network. These changes in the network structure are self‐organized, resulting from selective pressure based on an individual’s position in the network.

Source article

Further reading (easy read)

Featured image CC BY-NC-ND by Nico

Edited task:

In completing Roland’s task for this module, we are each asked to write about our experiences of #el30 so far. For each of us, this experience will be inherently true and specific to this community. In response to the brief set, we will be demonstrating consensus both by addressing one task, and by individually demonstrating our (true) experience of the course and of the community. This will be akin to a mathematical proof  that shows this experience of community is formally impossible to be something else.

The individual posts will each represent an aspect or facet of (what could be) a criterial definition and understanding of this community. Drawing upon Pete Forsyth’s initial comment on consensus, our posts would be the ‘collection of tactics’ to do this. 

Dec 5

4 Comments

On Community

This week’s topic in the connected learning course #el30 is Community. Stephen introduces this in the course newsletter. I began with an ‘aha’ moment, then did a search to find the origins of the word, then looked to see what I might have blogged about community before, and here we are. I did write a post about community some time ago, and it’s interesting to see what words I used when unprompted by the context of the current course:

Community. Trust. Communication. Personal. Stories. Interest. Talking. Inquiry. Curiosity. Care. Friends. Time.

I rather like that, and it links to my aha moment. This evening my Community Orchestra performs an informal concert to friends and family (we even have a good luck message from Alexander Bernstein for our rendition of Mambo 🙂 ) Thinking of that orchestra, we are 40 people, all very different. We know very little about one another, yet we come together for a common goal. Stephen introduced the topic with an element of community being about ‘sameness’ (he does move on from this, but go with me for a moment), and I thought how completely contrary we were to that. All walks of life, all ages, instruments that don’t necessarily go in an orchestra – but what we had was a common goal, a common experience – a purpose.

Stephen hints at this in his intro when he says:

…community and consensus are about more than voting and about more than having power. What is required for a community to work is not merely control, but agreement on the part of the members of the community. 

Certainly in the orchestra there is not individual power. The oboe alone cannot carry the music any more than the clarinet, the viola, or the saxophone (yes, we have saxophones in our orchestra), but together they can each contribute their skill, individual sound colours, and contribute to create something far more than any one alone. I stand as conductor and (hopefully) make no sound at all. It is only through them that the music is realised. Maybe that’s a good analogy for learning in a class/course:

There may be a teacher/facilitator, but in truth nothing comes out of them. I don’t mean they are useless, but It is only through the voices of the students, their interaction and willingness to work together, participate, and realise concepts and content that we get the living art that is music.

In a community people contribute – how and when and why is all for another conversation, but there is contribution and also awareness. Contribution without awareness is either carrying out chores or charity. By awareness I mean a sort of sense of place, of giving and being received, of having bonds or connections, whether in the form of creating sound sound (as with the orchestra), a gentle word, a polite nod, or something so simple as being called by name. And there is flux. There will be times when there seems to be a shift, as opposed to an unbalance, where one needs rest and others do the supporting. Awareness and care.

Stephen talks about trust. This too. We cannot engage in a common anything, collaborate and learn without trust.

I look forward to this week’s resources and discussions.

Featured image shows Averbury Stones by Andrew Foster CC-BY-NC-ND because old stones in an English village somehow invoke community for me.

Dec 1

9 Comments

Connected Learner Badge

This post is about a badge I designed called the ‘Connected Learner’.

In the world we are all connected, but how often do we connect? This badge can be earned by following some simple steps.

If you are reading this, then you have some sort of online presence, even if that is as one who reads, and not as a distinct or recognisable identity that you project outward.

The task that I have set is:

Read and comment on three blog posts. The posts should be to do with a particular theme, topic, or course.

For example, I could choose to comment on blogs having to do with the #el30 course. My creating this badge was a task for the #el30 course. (and my setting a task is also one of the embedded tasks for #el30 that was set by the facilitator and fellow participant, Stephen Downes.)

When applying for the badge, there is a place to put your evidence, so save the URL to the blog with your comment.

 

I think this is the public link to apply for *view* the badge via badgr:

https://badgr.io/public/badges/IlrDV104S5GF83PoBruWHA

*edit: to apply for the badge, you need to apply to me. I have learned thanks to someone from the Badgr team that issuers award the badges. So as an issuer, I can award my badge. 🙂

Read more

Nov 29

2 Comments

Recognition

Recognition is this week’s topic for #el30 and the abstract asks two very different questions:

  • How do we know a course has been successful?
  • How do we know what someone has learned?

For me, these are not necessarily related like a geometric proof.

  • If this -> then that.

If the course is successful the student learns. As we have seen, perspectives can reveal different meanings and aims. I wonder what the criteria one uses to know a course is successful? There will typically be course aims as well as desired learning outcomes, and perhaps criteria-based assessments or tasks.

Does the student learn? Now this is not something I would ever like to fit into a box, or expect to assess adequately or be able to reward completely. Read more

Nov 28

#el30 Resources task

This is a very short post for the class #el30 about completing one of the tasks to do with resources. I did install Beaker Browser and had a good read of the accompanying documentation. It took a while to get my head around it.

The actual installation was a simple drag and drop into the applications folder (I use mac) like anything else, it was what to do then… ? I admit to being largely stumped by how to use it. I wasn’t sure if it was a drawing board, a repository, or what. I have come to sort of understand that it is a combination of BitTorrent and Dropbox. Reading the documentation it became clear what they meant by the users ‘seed’ the contents. They mean it is sort of like keepie-upies: The ball only stays in the air while there are people to toss it about, otherwise it is no longer in play and falls by the wayside (or goes dormant on your computer while your computer is off). This was clear when I went to click on Kevin’s resource and it said it wasn’t there.  Read more

Nov 27

2 Comments

Notes on Resources videos #el30

I am behind in #el30 and these notes are for the videos for the Resources topic (which is just being wrapped up now). I have watched the two videos posted by Stephen as part of the main course materials and I’ll dive into the task videos next – hopefully before tomorrow’s new topic conversation begins!

Video 1:

Stephen begins the video ‘From Repository to Distributed Web’ by laying out the topic that we are considering with resources: A vision of moving from a repository to something distributed. Read more

Nov 25

1 Comment

The purpose of a website

I woke up thinking, had the most extraordinary day yesterday and my brain continued to think all night long. Who do I tell? Where do I share? and then it dawned on me:

Why would I share something exciting, inspiring, and personally meaningful to me with at least 1000 people (to give a conceivable number) in an office building? Why? Would I do that – walk into an office and broadcast whatever it is? um, no. but yes. I mean social media.

I did have an extraordinary day yesterday and there are things I will write about it and the thoughts that followed, both keeping me up late and waking me early with the cogs in my brain still in motion. Those thoughts are on music, community, talent, and teaching, and I will write them, but not in this post. This post stems from the desire to share and the resulting ‘where’ and why of posting. Read more

Nov 17

6 Comments

Keys and encryption

This is a technical post in response to the useful provocation Stephen provided with his video for #el30 exploring Yubi keys and Public / Private keys. Stephen began by saying it is not his area of expertise (mine either). There is a LOT in these topics and I have a friend who is a specialist who helped me put this post together to give an intro in a way we could understand. It was not something I could research and correctly put together on my own, as terminology and details matter a lot with the intricacies of these things and their uses. (and it’s very complicated!) I hope this tutorial-style post is helpful.

My post is divided into that intro, and then some comments/explanation from me on things in the video.

Intro:

Passwords:

Positives:

  • They are good because of usability.
  • Everyone knows how to use them.

Negatives:

  • They are hard to remember and easy for computers to guess (generally).
  • People reuse them (this is a human error)
  • When credentials (password or email) are reused, compromised details on one site generally leave you open on another site if you have reused them elsewhere.

A good example of a good intention that weakens the use of (more) secure passwords:

Websites that disable ‘paste into password fields’ Those sites thing they are improving security by disabling that feature, but it also means you cannot use a password manager where you can use a randomly generated long string including umpteen special characters and thus most people resort to a more simple, easy to type password that is simply weaker.

  • PII (Personally Identifiable Information) like mother’s maiden name, DOB… is also bad because generally available on public record

One approach to counter the weakness of passwords is to strengthen passwords with another factor.

Possible factors include:

  • What you know
  • What you have
  • What you are

A password is something you know

If you are using more than one factor, it ensures that if someone has guessed your password, they still can’t get in because they need another factor.

A fingerprint is another factor (something you are – biometrics)

SMS is not a second factor – it’s something you know, like a password. Many people will argue with this, but it is more like 2-step authentication, where you use 2 passwords. The phone number is something you know, even though we *think* of receiving a SMS as a ‘thing’ but it would be easy to clone your sim and the first thing you would know about it having been ‘popped’ is when you suddenly have no service on your phone.

A Yubi keysomething you have. It is a physical token, and thus is a true second factor. There are also RSA tokens (some places of work use these as a factor to log on to a system) which are a physical second factor. Google Authenticator, which is an app that generates a time-sensitive changing code, is like RSA, but not as good because it is still cloneable.

A true second factor (the something you have type) is a hardware product and not a software product.

Despite all the things that are wrong with passwords, people do know how to use them.

Certificates- What if to sign up to a site you had to generate a domain-specific public key and sign it with your private key? How well would that work in an online world measured by sign-up rates and similar metrics?

Beside the human ‘friction’ of onboarding, there is also the problem of compatibility. For example look at GPG tools. I used to send encrypted, key-signed messages with one of my good friends, but when email upgraded with High Sierra, GPG tools broke and you couldn’t use key-encrypted mail any more. It still doesn’t work. (*Sigh*)

So if we asked people to generate those site specific keys, understand it, sign it with their public key, there would be a very high probability that even if they had the gumption to learn how to do it (and believe me, it took me a couple of weeks to sort out key) it is also overwhelmingly likely that people get it wrong in a way that degrades security instead of enhancing it.

My public key is on my website. 🙂

ONE person has ever used it, and that is because we promised to both help each other learn how to use keys!

The idea that Yubi keys replace passwords as a single way in / use device?

Definitely not. Replacing the password factor (something you know factor) and ONLY using a Yubi key (something you have factor) as a single factor is possibly worse than a password, and is certainly no better. Here’s why I say possibly:

The ‘threat model’ is so important. For example, if you live in a very secure house in the middle of nowhere and the Yubi key is in a locked drawer to which only you hold the key, then it may be quite secure. Whereas if you are in an open plan office or university setting and someone could walk by and pick up your Yubi key if you left it on your desk while going to the loo or to get a coffee, then it is not secure. There are no absolutes and it is all completely context specific. What is your threat model? At another end of the spectrum, if you are operating on a network where everyone is meticulously put through a security clearance process, you can operate on a completely different model.

Anytime people make absolute statements it is a clue that they only understand part of the picture. (That’s my friend speaking. I promise I do not understand all the picture, and I can only claim to have a fuzzy image of parts of it.)

A Yubi key is a second factor.Something you have. To use it as a second factor, it can be used with either something you are or something you know. You want at least two of these, so the Yubi key could be used with biometrics (fingerprint, retina scan, face recognition) and bypass the password (which would then be a third factor) completely, but it is not an all-in replacement system. We really want to aspire to use all three.

Part 2: Comments on the video and a bit of discussion:

Identity is a component of authentication.

Stephen is correct that a system is only as strong as the weakest factor.

In the video at 6:30 Stephen mentions something really important in passing, and perhaps doesn’t realise how important it is. He’s talking about two factor completely correctly- log in with biometrics, and then use the physical token. YES.

Public/private keys are for encryption.

Public and Private keys are generally used for assertion and non-reputation (to show signatures). This can have to do with chains of trust. (I’ve been told that’s a whole separate topic and terminology matters quite a lot there, so I don’t dare convey my extremely limited understanding of it)

Public / Private keys are definitely worth knowing about and understanding the mechanics of how-to. But the possibility of making errors so very easy and real… I’ve done it at least a million times and I only used them for fun, to learn how with a friend – not with anything that actually mattered. The tiny slip with private/public that Stephen highlighted in his newsletter, is exactly how it goes wrong. It is so very, very easy to slip up.

To complete the image Stephen shows us in the video at about 11:15:

In Stephen’s diagram, he is correct that only Alice can read the message, but it doesn’t say anything about where the message came from. To prove it comes from Bob, he would sign with his private key, and encrypt with Alice’s public key. That way only Alice could read it, using her private key, and she could verify it came from Bob with his public key. Simple!?!? (not at all)

It is totally complicated, I realise. Like I said, I only send stuff this way with one friend and we were running a security challenge together a few years back as part of an open course, and yes, we both had to have regular tutorials with an expert to get it even close to right.

Stephen mentioned buying a certificate. If you pay for a certificate from CA you are paying to inherit trust from them. If I self-sign a certificate it is free but nobody (browser) will validate it. At that point the certificate is an assertion of trust. With a self-signed certificate you say ‘you should trust me, but I give you no evidence to support this’.

More on what Stephen explains at 13:15ish. Let’s Encrypt is free (yay!) and yes, Reclaim Hosting offers this on their C-Panel. Https gives you confidentiality, integrity, authenticity. Https does not verify who you are connected to – although people think this – You could be connected to anybody.

  • Once the https connection is established, the connection is encrypted. This gives you confidentiality.
  • Integrity – someone else cannot inject information into the information you are receiving. In the US you see ISPs injecting ads into http (unencrypted) connections – and the result is you may see adds on a website that the author of the site did not intend to be there.
  • Authenticity means whoever provided the cite managed to present a valid certificate that matches the domain. For example this cite lauraritchie.com – it sends a certificate that has been signed. That certificate resolves against the root certificate on your local browser, and that resolution says it is a valid certificate.

Https does not guarantee that the connection is to the person you think it is. It says that cite presented a valid certificate that maintains the chain of trust (signed by a certificate authority) and matches the domain.

A reference and little activity to demonstrate this.

This gives you the error message you would get if someone stole your domain, but didn’t get the certificate right.

When I click on Show Details it shows:

This is an example of how it is not to do just with having a certificate. In this badssl example, they had a valid certificate signed by a certificate authority, but it was presented for the wrong domain. This results in the browser refused to create an https connection, because a valid certificate was presented for the wrong domain. Imagine that we are going through passport control and I hand over your passport. If your passport is valid, I should still be rejected, as it is not ‘mine’. Someone might have stolen your domain and they then present a certificate that doesn’t match. This error message is the very first, most basic step in knowing something has gone wrong with knowing you are connecting to who you think you are.

If it did resolve, you pass the first step in the authenticity test. It still does not guarantee the site (or person) is who you think they are.

One tiny step to show more:

Go to protonmail.com (as an aside, different browsers will display things differently). At the moment in Firefox you can see the ‘handbag’ and you can see that xx cite has presented xx certificate. This is pretty good, but it is possible to do this and pretend to be someone else – e.g. there is nothing saying ‘this is me’. This cite presents an EV certificate which matches the domain name, has been correctly signed by the CA. EV means extended validation, and is the highest level of certification. They are expensive and difficult to get a hold of.

 

I think I need a cup of tea now. I do get it, but have had to check and retype al least 30% of what I thought I had right. I hope this tutorial helps more than just me! Thanks to my (patient) friend. 🙂

Nov 16

2 Comments

My Graph #el30

I did it!

Got out the metaphoric gardening gloves, and dug around to figure this graph business out. I’ll admit that the thought of making a 2D representation of me as a graph did not instantly appeal, but I also realise that there is HUGE benefit to seeing other points of view, and to learning how to make something both accessible and enticing. Although the result is not rocket science, I got there. 😀

I’ll take you through my process, ending with a 2 min video demonstrating my graph. Read more

← Older Entries