“Lessons Learnt from the SingHealth Breach” – NUS IT shares highlights

NUS IT sent staff this “Refresher on Security: Lessons Learnt from the SingHealth Breach”. The video provides the highlights and so spares us having to read the Public Report published by the Committee of Inquiry in Jan 2019.

Many important (and surprising) lessons are embedded in this animation, and I congratulated them on producing it for us.

This two minute video is definitely a watchable primer in my “Digital Literacies for the 21st Century” class next year. Students  can watch this and then we shall discuss the wider implications.

Interestingly, at the core of all this are the same old problems because it stems from human behaviour.

 

In this part of the class I ask students about what they do for passwords and many confess to having just the one to two. And there is no password manager in use by for these folk.

Digital natives may not necessarily be digitally savvy, hence the class.

Click Meeter for your next online video meeting and organise your windows with Magnet [macOS]

Here are two really helpful apps which help me in my work online.

Meeter picks out video conferencing meetings scheduled in my Exchange and Google calendars, and lists them in the menubar – which I call up with a keystroke, typically 15 or 30 mins early for meetings I host.

Meeter menubar

I’ve set Meeter to present meetings links five mins early in case I forget to join a meeting I signed up for. With just a click, I’ve joined the meeting. That is typically on Zoom, but Meeter works for Webex, MS Teams and Google Meet as well, amongst others. 

Meeter_settings

During a Zoom webinar, I have several widows open in addition to the relevant video conferencing app. I open the Q&A window separately, look up references the speakers make on a web browser, chat with audience members I know on What’s App, and keep a text app open for notes.

Magnet organises all my windows, again with keystrokes. I push windows around with keystrokes to various positions – left or right or top right or left two-thirds. It has been critical when I was using just my laptop screen, and is still very useful when use two screens during WFH. 

Magnet-Three_windows

Go get ‘em!

Educators can use Zoom safely – just explore the settings

Since the onset of COVID-19 in late January, I’ve been video-conferencing meetings. My go to for years have been Google Hangouts and Skype with students, and since last October, Microsoft Teams with staff. The latter was part of an effort to shift college colleagues from a bunch of unsecured Google tools to the more secure though less friendly Microsoft platform.  

One I started using Zoom though, these other tools were forgotten. Zoom was a delight to use, with an easy interface and single click invitations to a web interface for novice participants. For educators managing classes, the Waiting Room and Breakout Rooms were extremely useful.

So in the final instructional week of the shortened semester (Week 12), I scheduled some 400 students in two modules to present their final oral presentations. That worked out to more than 80 half-hour sessions with Zoom over four days, of which I attended almost 50.  

Since I was imposing a tool on so many of us, I read up, prepared guidelines (posted on Google Docs), and compiled this list below to train staff and myself about our hosting duties:

Zoom for Educators: Security responsibilities for hosts
Edit your settings at: https://zoom.us/profile/setting 

  1. Use the latest version of the Zoom app (check for updates)
  2. Generate a new Meeting ID for each meeting
  3. Generate a new secure password for the meeting
  4. Nominate a co-host when scheduling the session
  5. Keep the Meeting ID and password private to participants only. For large meetings, I have people sign up first and email them meeting details.
  6. Advice participants they can set a Virtual Desktop to mask their background.
  7. Disable File Sharing
  8. Use the Waiting Room to vet participants before allowing them into a session (participants must have recognisable usernames)
  9. Disable “join before host” but be 15 minutes early to the meeting in case participants need help.
  10. Enable the authenticated user mode, if possible.
  11. Lock the room when all are present and if connections are stable.
  12. Set the screen sharing default to host only; release as needed
  13. Respect your participants – inform them if you are saving session chats or video-recording the session.

Since students were new to this, I didn’t enable the authenticated user mode nor lock the room for ease of those with dropped connections.

So the homework was important.  

Zoom-mmm5-otters
Zoom’s Virtual Desktop was a fun tool with which to encourage others to use the app.

The National University of Singapore had initiated COVID-19 mitigation measures by Chinese New Year. And almost immediately, the Centre for Instructional Technology rolled out e-learning solutions. Amongst others, they promoted the use of Zoom, complete with training webinars. The staff I worked with attended these sessions, were familiarised with fundamentals for use and explored the pedagogical outlook.

I was still using Google Hangouts in March 2020 with research students and Teams with staff. However by late February (Recess Week), the shift to 100% e-learning appeared inevitable, which meant our student symposia in April would have to be held online. I had about 300 students in GEQ1917 Understanding and Critiquing Sustainability at RVRC and another 100+ in LSM1303 Animal Behaviour at Department of Biological Sciences. 

So I began reading about Zoom and the problems were highlighted by many tech sites. Some critical issues had been fixed the previous year, and several others could be circumvented by choices in the settings (hence the list above). While some didn’t matter, such as end to end encryption for what would otherwise be public symposia.

All that scrutiny was helpful, as it eventually forced Zoom to announce a focus of their engineering effort on privacy and security. Already a security

Many articles hysterically bemoaned the shortcomings, and while useful to carefully sift through for weaknesses, no alternatives were suggested. As with every tool, it would eventually be the examination of the purpose and settings that would decide if safe use was possible for my purpose.

I was glad to see that NUS’ CIT announce this position calmly twice, as did Tech Editor Irene Tham in The Straits Times. 

It was understandable that the Ministry of Education had to swoop in to ban the use of Zoom after a hacking incident, which made world news. But that ban is temporary, for as reported in The Straits Times “the ministry is working with Zoom to enhance its security and make security measures clear and easy to follow.” [Update: they have restored Zoom with some limits in place and will review in future – link]

Since practise with settings and short cuts is critical, I suggest you try this with friends, and incite the tech savvy ones help with an online tutorial. After preparing a friend for her seminar, I learnt a few more things myself.

Since January, a variety of COVID-19 mitigations have been in place in Singapore, and we now all have plenty of friends to experiment tele-conferencing tools with. I’ve had fun scheduling sessions in a jiffy with my secondary school buddies and it has also been a great way to support each other during this challenging time.

Useful links:

Fortinet Client v6.2 for macOS for use with NUS SoC VPN

I started using the Forticlient for macOS when I was in China for the International Otter Congress. One of my Chinese students from SoC introduced me to the alternative to NUS VPN which use Pulse Secure. I was having moss problems when macOS Catalina came out so I switched and its worked fine for me.

Once installed, I just have to set the remote gateway to webvpn.comp.nus.edu.sg and I’m good to go. It’s not in App Store so is not automatically updated. I was installing it on a temporary machine while my MBP was in the shop (for a keyboard change) and realised the client is now at version 6.2. Updated!

Screenshot 1363

Registration is open for the Battle of Pasir Panjang Commemorative Walk – Sun 16 Feb 2020

The Battle of Pasir Panjang Commemorative Walk 
with the NUS Toddycats, volunteers of the Lee Kong Chian Natural History Museum, National University of Singapore.

UntitledImage

Sun 16 Feb 2020: 7.00am – 12.00pm from NUS

The heroic account of the Malay Regiment at the Battle of Pasir Panjang left a strong impression on us, and there few of us have come together to humbly commemorate the Malay Regiment’s defense of the ridge every year since 2002.

Guides will share with the public stories about the battle, the geography, history and the flora and fauna of the area which drew us to explore the ridge decades ago which led us to gradually learn of its history.

Our commemorative route takes us from the battle front at the National University of Singapore to Kent Ridge Road and through the Gap to Kent Ridge Park and ends at Reflections of Bukit Chandu (note that this is closed in 2020).

All are welcome, just register at Eventbrite.

You must be able to wake up and join us at 7.00am at NUS’ University Cultural Centre and be physically fit enough to walk 5km (with some stairs) at a moderate pace over five hours. 

Please read the other details and guidelines for preparation on the Eventbrite page.

“Climate Rally” by 11,000+ world scientists – yes, it is a climate emergency, and here are clear indicators

World’s scientists have put their weight behind a clearly written scientific paper presenting clear indicators against which to measure climate mitigation efforts. Essentially a scientists’ version of a “Climate Rally”, they are raising attention with those who need an ambiguous warning. 

Despite repeated warnings by scientists going back four decades about a climate emergency facing the planet Earth, mitigation efforts by government and corporate entities are inadequate.

The obligation to warn the world is taken by Ripple, Wolf, Newsome, Barnard & Moomaw (2019) to mean delivering a clear and accessible report. The present a broad set of indicators were extracted from relevant, recent, clear and updated data sets to be presented as “a suite of graphical vital signs of climate change over the last 40 years”.

NewImage

These vital signs are meant to “better allow policymakers, the private sector, and the public to under- stand the magnitude of this crisis, track progress, and realign priorities for alleviating climate change.” 

This paper was also circulated through the clogged inboxes of scientific  communities and received support by some 11,000 scientists around the world. It is presented in clear language, and accessible for free here, with short recommendations and the assurance that ‘The Alliance of World Scientists stand ready to assist decision-makers in a just transition to a sustainable and equitable future.’ 

In Singapore, the evidence provided by science is well accepted and climate change was addressed by the prima minister. Translating that knowledge adequate and effective action is a challenge we need to improve on, and something youth have called for clearly through SG Climate Rally.

Links

  • “World Scientists’ Warning of a Climate Emergency,” by William J Ripple, Christopher Wolf, Thomas M Newsome, Phoebe Barnard & William R Moomaw. BioScience, biz088, https://doi.org/10.1093/biosci/biz088; 05 Nov 2019
  • “Alliance of World Scientists” (23,000 subscribing members from 180 countries) https://scientistswarning.forestry.oregonstate.edu
  • “Climate crisis: 11,000 scientists warn of ‘untold suffering’,” by Damian Carrington. The Guardian, Tue 5 Nov 2019. [link]
  • “More than 11,000 scientists from around the world declare a ‘climate emergency’,” by Andrew Freedman. Washington Post, 05 Nov 2019. [link]