Emergency Classroom/Workplace & Travel Planning

Below is relevant emergency classroom (or workplace) and travel planning information to consider:

  • Review with the students classroom and building exits at least once each semester to improve fire alarm response. Students are unaware of room and building details, such as rooms with emergency exits (e.g., behind podiums).
  • Personally review the Run-Hide-Fight response training. If you have not had a chance to participate in this training, below are related reference materials:
  • DHS active shooter PDF
  • Run-Hide-Fight training video
    1. https://youtu.be/5VcSwejU2D0
      1. Produced by Houston Mayor’s Office of Public Safety and Homeland Security, and promoted by the FBI, dramatizes an active shooter incident in the workplace
      2. Note: Video is alarming in the beginning. Optional to begin at 1:30 mark: https://youtu.be/5VcSwejU2D0?t=1m30s
  • “Run when it’s safe to run.  Hide where it’s safe to hide.  Fight if you or others around you have no other options.” (Albrecht, 2014)
  • Expect immediately disabled elevators, and diminished cell service. Silence cell phones to protect location. If returning to room to shelter-in-place, expect police knocking and confirming identities through closed doors.

Heartbleed Action List For End-Users

Most likely you have heard of the “Heartbleed” vulnerability that plagues websites using a common open source application.  Web site administrators are busy implementing patches to remove the vulnerability.  However, since the Heartbleed exposure had continued for the past two years, this message offers suggestions to web users to protect personal security.

What is Heartbleed?

Heartbleed is not a malicious software virus, but rather a bug or “glitch” in many websites that used the OpenSSL application to exchange confidential information, such as passwords.  This popular XKCD cartoon illustrates how a website with the vulnerability could be “tricked” into revealing private information.

What websites are vulnerable?

It turns out that a millions of password protected web sites used this helpful open source application. Security consultant Bruce Schneier has said that on a scale of one to ten, this breach is an eleven!  The websites using OpenSSL for password exchange have exposed those passwords to disclosure.  A specific examination of popular websites reveals that sites such as Facebook, Yahoo, and Google (including Gmail) are included.  Although many bank and government sites were not affected, it is possible that the same password was used at multiple sites.  The affected websites are currently in various stages of patching the OpenSSL application to remove the problem.

What should end-users do?

Web users should take this opportunity to address specific Heartbleed exposure, as well as to improve password security in general.  The recommended steps include:

1.     Install the Heartbleed extensions available for Chrome and Firefox.  These will alert the user if a site is still vulnerable to Heartbleed.  After installing the browser extension, vulnerable sites such as (currently) https://tricider.com may be used to test these Chromebleed or Foxbleed extensions.  Figure 1 displays the Chromebleed pop-up on vulnerable sites.

Figure 1 Chromebleed display for sites vulnerable to HeartbleedScreen Shot 2014-04-16 at 7.57.54 AM.png

2.  After verifying that your password protected site is no longer vulnerable to the Heartbleed bug, it is time to change your password. 

3.     Now is the time to improve password security by NOT using the same email or username and password at multiple sites.  It has even been suggested that not repeating passwords is more important than using complex passwords.

4.     Attackers do not need to be very creative to test login information obtained from one site at other sites, such as banks.  Since this means you will need to keep track of multiple passwords, consider using a password manager, such as Lastpass or Keepass.  A search of “best password managers” will provide other suggestions, such as this review by PC Magazine.

a.     Be aware that users, for various reasons, are advised NOT to store passwords in browsers.

b.     Security questions are also problematic, as the “shared secret” is often easy to discover by an attacker.  Consider using fictitious or misspelled information that you can remember.

5.     Be creative with your password.  Attackers do not begin with random or “brute force” guesses.  It is far easier and quicker to use abundantly available hacker dictionaries of frequently used passwords.  For example, the top twenty-five passwords of 2013 were led by “123456” and “password.”

6.     One option is to use a web or app-based password generator, such as http://passwordsgenerator.net/.  Another option is to use the first letter, including capitalization and number, from a favorite lyric or even a phrase such as “In 2008 I graduated from Chicago High School” to create the password “I2008IgfCHS.”  Replacing some of these characters with symbols may increase security.  It is specifically discouraged to use English words, or even English words with predictable substitutions, such as “pa$$word.”

7.     Consider using “second form authentication” (SFA) or “2-step verification” when it is offered, such as by Google, Yahoo, and Facebook.  With SFA, access requires something the user “knows” (e.g., password”), with something the user “has” (e.g., a cellphone).

Finally, do not be surprised if you find yourself having to replace passwords in the near future when the next vulnerability is revealed.  Improving steps for this breach will streamline future demands!

Further reading

Implications: NSA Email Monitoring

The ultra-covert U.S. National Security Agency (NSA) finds itself in the public eye from news alleging they monitor the world’s email.  This news, however, should not be a major surprise given many predictors (i.e., rumors), including a few listed below.


It will be of interest, however, to see how this allegation permeates into the following discussions:

  1. Organizational Security (i.e., NSA as victim):  It is a mistake to believe organizational security is only about keeping foreign hackers out of the network.  This case, and other famous leaks (such as Wikileaks) makes clear that employees, or other attackers with access, have always posed a very real security threat (see “Ultimate Insider Attack” link below). 
  2. American Citizen Privacy:  Growth in technology capabilities combine with terrorism realities to make domestic discussions of individual privacy both interesting and complicated (see also related topic:  The USA Patriot Act)
  3. Diplomatic Niceties:  It will be tough, diplomatically, to accuse another country of cyber-attacking the US if, in fact, the US itself cyber-attacks others (see “China Hacks US” link below).
  4. Open Source Intelligence:  Critical intelligence is increasingly gleaned from large growth in social media communications, such as email, twitter, and SMS, making this what is known as a “big data” problem.

In 1929, Secretary of State Henry Stimson’s stated elegantly, but not practically, that “Gentlemen do not read each other’s mail.”  His opinion changed greatly, of course, when in WWII Secretary of War Stimson depended on cryptanalysis to decrypt enemy communications  

Reading other’s mail continues to become more interesting!




    For Prospects, the College of IST

    In 2012 I wrote a first year seminar book titled A Student Guide to Success at Penn State (described below).  Later that year I collaborated with IST’s Dr. Lisa Lenze to insert a chapter introducing the College of IST.  This chapter (linked here as PDF: IST_Chapter) introduces the College of IST to new organizations and individuals.


    Description:  A Student Guide to Success at Penn State
    [Book available in the University Park bookstore and Amazon]

    U.S. News and World Report ranks Penn State among the top-fifteen public universities nationally. Researchers Matthew and Howard Greene label Penn State a “Public Ivy,” due to its academic rigor, superstar faculty, and talented students of all races. Penn State enrolls over seventy thousand undergraduates in twenty campuses, including fifteen thousand first-year students that begin each year. Student Guide transitions new students to success in the competitive Penn State classrooms, including note taking and time management skills, as well as student activities and support resources. Students are also provided career entrance strategies, including interview and resume preparation suggestions. The college years go by surprisingly fast. With this book, Dr. Glantz–an award winning member of the Penn State faculty–helps students make each moment more valuable. This is beneficial advice, especially in challenging economic times. 



    Note:  This article is from a series on change with strategic implications for higher education.



    In “Dev Camps” I think I may have discovered higher education’s next-generation MOOC! 

    MOOC’s have generated much discussion of late, offering free learning to tens of thousands of students at a time.  I was early to discuss MOOCs previously in “Part II:  Why a MOOC?”, and slow to dismiss MOOCS despite many encumbrances identified to include high attrition rates, learning assessment issues, academic integrity, viable business models, missing credit and accreditation, and placement. 

    To be clear, it is not the encumbered MOOC itself that I saw as a major threat to higher education, but rather what MOOCs portend. 

    By analogy, consider that in 1995 web pages were dismissed by many as nothing more than digital brochures, capable of producing little other value.  Shortly after, however, the rapid innovation and development accompanying technology disruption occurred, and ecommerce was born. 

    Here I liken MOOCs to early web pages, and have thus been scouting for signs of next generation iterations.  Dev Camps could well be one of these signs.  These intense programming experiences offer a product traditionally associated with higher education, and deliver that product at a much lower price point and time frame.  Dev Camps show early promise to be successful, without burdens of accreditation, credit, or transcripts.  

    Dev Camps have a few catches, although previous computer programming skill is not one.  Candidates must be willing to commit 1,000 hours in the nine-weeks to learning, leaving only 500 hours for “errata” (e.g., sleep).  The work expectation is 80-100 hours each week.  Class time alone is Monday through Friday from 9:00AM through 6:00PM.  Fees do not include room or board.  There are no age or nationality requirements, although less than 20% of the video-applications are accepted.  Dev Camps do not pretend to be a school, and as such are not accredited, and offer no credit.  They will, however, connect 90% of the students with high-paying employers.  So, in a nutshell, Dev Camps bridge training to employment with laser precision, and without “all that other school-stuff.”

    So, in a nutshell, Dev Camps with laser precision bridge training to employment, and without “all that other school-stuff.”

    What are Dev Camps?

    Dev Bootcamp is one example of computer-programming schools spreading out from San Francisco.  These camps turn students into programmers in less than three months, with starting salaries between $80,000 and $100,000.

    Dev Bootcamp, for example, teaches “Ruby on Rails ” in three phases.  Phase 1 is Basic Ruby and programming fundamentals.  Phase 2 introduces the web and front-end development (including HTML CSS and JavaScript), and Phase 3 puts it all together through the Rails framework.  Admissions are rolling, so every three-weeks another “16-20 boots” are admitted to replace those graduating.  Each new cohort is assigned two teachers and a facilitator. A little time each day is spent learning from books and tutorials, but most time is spent working in small groups solving problems and challenges, and building applications.

    Perhaps better than universities, these programs make complete mind-body connections, and as such include “yoga, stretching, and even basic meditation and mindfulness training.”  My personal experience from a two-week boot camp that did not consider this was permanent ulnar nerve damage!  Computing is very tough on the body, and good habits are important.

    Good news for colleges?

    Dev Bootcamp’s web site states their motivation is because, “…college is broken. Recruitment is broken.”  Ironically, however, there could be very good news here for agile colleges, especially in urban areas.  Traditional colleges work primarily on a nine-month cycle, and have unused infrastructure sitting idle over the summer.  With relatively little investment, colleges could leverage this infrastructure to offer intense learning experiences in programming and beyond.


    Chea, Terence (2013) Coding boot camps promise to launch tech careers, The Associated Press, April 12, downloaded from http://apne.ws/110i4Jc

    Image Credit: xymonau at RGBStock


    Brief History of the Purple Heart

    Fred, the son of a friend of ours, recently received approval for his award of the Purple Heart.  This is both a prestigious and somber award, and I hope to honor Fred, and other Purple Heart recipients, with this brief history of the award.  Note that I first wrote about Fred in an earlier post.  I am extremely grateful for Fred’s well being.


    Since April 5, 1917, any United States Armed Force member acting in that capacity that has been wounded or killed is eligible to be awarded the Purple Heart in the name of the President of the United States.


    The current Purple Heart medal was developed by General Douglas MacArthur in 1932, and designed by Army heraldic specialist Miss Elisabeth Will in the Office of the Quartermaster General.

    A metal, plastic, or enamel heart replaced Washington’s original fabric design.  The heart of rich purple is bordered with gold, and features a bust of Washington at the center.  The use of purple was “associated with royalty and would stand out on any uniform.”



    The Purple Heart is the oldest known United States military decoration still in use.  The award’s roots and use of purple can be traced to George Washington’s efforts to recognize all soldiers in the Continental Army, as opposed to the European practice of recognizing only those of high rank.  Washington created the “Badge of Military Merit,” which he described:

    The General ever desirous to cherish a virtuous ambition in his soldiers, as well as to foster and encourage every species of Military Merit, directs that whenever any singularly meritorious action is performed, the author of it shall be permitted to wear on his facings over the left breast, the figure of a heart in purple cloth or silk, edged with narrow lace or binding. Not only instances of unusual gallantry, but also of extraordinary fidelity and essential service in any way shall meet with a due reward.

    Three people received the Badge of Military Merit during the American Revolutionary War from General Washington.  Other recipients have been noted in studies of discharge papers.



    There is movement to recognize Traumatic Brain Injury eligibility for the Purple Heart medal.  [see http://www.recognizethesacrifice.org/ ]


    Award recipients include athletes (Pat Tillman, Rocky Bleier), politicians (John F. Kennedy, John Kerry), generals (Norman Schwarzkopf, Colin Powell, Chuck Yeager), artists (Rod Serling, Kurt Vonnegut, Jr., James Arness),  and Medal of Honor recipients (Salvatore Giunta, Audie Murphy).

    Over half of the estimated 1.7 million total Purple Heart awards to date went to World War II recipients.


    My AP Experience

    As an undergraduate, it was quite rare to discover peers with AP credits earned by taking exams while in high school.  Since then I am fascinated that students now earn more than just a few AP credits!

    This may be changing, however, if Dartmouth College is a bellwether.  Dartmouth recently announced they will no longer grant AP credit, citing concerns of protecting the eight-semester experience (http://www.dukechronicle.com/article/some-colleges-weigh-value-ap-credits).  This comes at an interesting time when colleges are under pressure to accept a growing number of transfer students with credits from other institutions, as well as growth in MOOCs and other alternative educational experiences.


    By the way, I would like to take this time to introduce Marion Bressler, and share my lone AP experience.  Mrs. Bressler was a fascinating lecturer in AP History, and was able to mesmerize a large section of high school students for an entire year.  I was not surprised to learn from her obituary that she was a national pioneer in the AP movement, worked with ETS as a consultant, and even taught Joe Paterno’s athletes.

    I have tried to incorporate Mrs. Bressler’s sense of trust and mentoring with my students.  From her I know that learning is a path, and not a race.  She was never condescending or dismissive.  She did more to prepare me for many years of college than any other high school experience.  I am grateful that I had the chance to thank her a few years ago when our paths crossed.  She lit up and fondly remembered her students, our time together, and what we had accomplished.  She had every right to be proud of her time with her students.  We are better for it.

    Disable Java in Web Browsers

    It’s been a rough twelve months for Java, including the infamous MAC Flashback exploit.  
    Most recently the Department of Homeland Security advised users to just disable Java in web browsers.  This comment suggests that it is unlikely a single update will remove all vulnerabilities. 
    There are many tutorials on the web to disable Java in the browser, or follow the screen shots in the PDF at the top of this screen.


    Note:  This article is from a series on change with strategic implications for higher education.



    Higher education enrollment concerns stem from a peak in college-bound high school graduates, combined with growth in alternatives, such as on-line and for-profit degrees.  Also looming are growing concerns from a mediocre economy and student debt burden.    

    Groups tracking education statistics include the Department of Education, College Board, and Chronicle of Higher Education.  For reference, the National Center for Education Statistics’ College Navigator search engine cites over four hundred post-secondary options in Pennsylvania alone; ninety-three of these offer bachelors programs or majors in computer or information sciences and support services. 

    In 2009-10, the most popular bachelor’s degree granted nationwide was business (357,354); for comparison, 39,589 were conferred in computer and information sciences.

    PSU, University Park

    With 38,594 undergraduates, U.S. News ranks Penn State’s University Park as the fifth largest campus. For 2012, over 28,000 students applied for 7,200 University Park seats.   Each year over half of the University Park graduates first began at one of the other nineteen campus locations.


    Figure <!–[if supportFields]> SEQ Figure * ARABIC <![endif]–>1<!–[if supportFields]><![endif]–> Image Source:  http://bit.ly/NJpkGF

    Penn State Live reported a modest undergraduate enrollment growth in 2011. In Figure 1, after Pennsylvania (4,260), the 2010 biggest state contributors were New Jersey (792), New York (453), and Maryland (318). 


    Figure 2 Image Source:  http://bit.ly/TjsjsK

    Figure 2 shows the current decline for in-state high school graduates.  Out-of-state students are an opportunity to overcome increasing competition for Pennsylvania students amid stagnant demographics.

    Another recruiting opportunity comes from “non-traditional” students, such as adult learners, veterans, and transfer students (i.e., students with eighteen or more credits); currently more than thirty percent of all students transfer.  To take advantage of this, policy changes may be needed to improve transfer receptiveness as well as providing success programs normally reserved for first year students.  For reference, Penn State’s admissions office has created a transfer fact brochure.

    IST, University Park

    In addition to undergraduate minors and certificates, Penn State’s College of IST offers a B.S Degree in Information Sciences and Technology (ISTBS), a B.S. Degree in Security and Risk Analysis (SRABS), and a B.A. Degree in Information Sciences and Technology (ISTBA).

    The University Budget Office’ Fall 2011 Penn State Fact Book reports 823 total IST undergraduates: 83 (first year), 158 (second year), 260 (third year), 275 (fourth year), and 47 (fifth year plus).   Note that here Penn State counts “unique” residential students, rather than degrees; students pursuing more than one degree or minor are only counted once, and credited to his or her primary degree college. 


    Figure <!–[if supportFields]> SEQ Figure * ARABIC <![endif]–>3<!–[if supportFields]><![endif]–> Image Source:  http://bit.ly/Q6KLBK

    Figure 3 reveals that IST’s Fall 2011 University Park undergraduates came mostly from Pennsylvania followed by New Jersey, Maryland and New York.

    Current College of IST (University Park campus) entrance policies include the following:

    1. IST undergraduate math course requirements are more similar to students in the Smeal College of Business, rather than the College of Engineering.  However, high school applicants must meet the more rigorous College of Engineering SAT math standard, instead of the lower minimum used by the Smeal College of Business.
    2. Students already enrolled at another Penn State college or campus must successfully complete three-course SRABS or ISTBS entrance-to-major requirements before the start of the junior year.
    3. Students considering the ISTBA degree must apply before the end of the third semester and meet a two-course entrance-to-major requirement.
    4. The College of IST does not accept transfer students (i.e., students with eighteen or more credits from a non-Penn State institution).



    Screen shot 2012-09-18 at 12.25.20 PM.png

    [Image:  What is a MOOC?, video by David Cormier]

    Note:  This article is from a series on change with strategic implications for higher education.



    My first exposure to online education was the summer between my junior and senior year in high school.  I wanted to take calculus as a senior, but first needed to complete a course in trigonometry.  The solution was an online trigonometry course offered by Penn State.  It took a great deal of self-discipline and time management, but I enjoyed a deep sense of satisfaction putting my final assessment in the mail.

    Jumping ahead a few decades the impact of a connected world on distance education becomes visible.  First, simply replacing the postal service of my trig experience has enabled more interaction opportunities, such as more assignments and instruction.  Next, opportunities have expanded to include more offerings to a larger audience.  It is not unusual for search results to also return paid placements for online degrees by traditional higher education institutions.  These are, in essence, an opportunity pay a college or university to complete degree requirements remotely.

    In the past few years, however, there has been growth in opportunities for anyone to participate in online courses without payment.  Enter the wild frontier era in open teaching and learning involving the “Massive Open Online Course” (MOOC). 


    I suggest two reasons for higher education to follow, or even participate in, the MOOC, despite MOOC’s low completion rates and lack of accreditation, credit, or degree potential.  The first reason is to learn from the successes and failures of this fascinating experiment in teaching with technology.  The second is to reflect on possible higher education paradigms stemming from historical constraints on course offering, size, length, or assessment, for example. 

    In particular, I discourage dismissing or ignoring MOOCs.  David Cormier believes some academic negativity may stem from incorrect suggestions the MOOC will replace traditional classrooms, or is superior to resident instruction.


    Wikipedia traces thinking behind the MOOC to a presentation by Buckminster Fuller in 1961.  The term MOOC, however, was coined by Dave Cormier to describe a 2008 course taught by Siemens and Downes.  The “Connectivism and Connective Knowledge” course was offered for credit to twenty-five registered participants, but opened to 2,300 non-credit participants.


    New MOOC offerings are announced regularly, often with significant funding, and occasionally with industry partners. 

    Players include:


    Penn State’s College of Agriculture “invented” correspondence courses in 1892 (i.e., way before the Internet). Penn State’s most celebrated correspondence students are two guys named Ben and Jerry.  By the way, the tradition continues as my current home in the College of IST was recently ranked #1 by the Best Colleges for online IST degree programs.


    • Cormier, Dave and Siemens, George (2010), Through the Open Door: Open Courses as Research, Learning, and Engagement, EDUCAUSE Review, vol. 45, no. 4 (July/August 2010): 30-39. http://bit.ly/OWzqRy
    • What You Need to Know About MOOC’s, The Chronicle of Higher Education, http://bit.ly/S5CJcH