Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> the students themselves don't have the artifacts to resubmit via email because they were done in Canvas

It’s so simple to send an e-mail to the student with relevant records on completion of a quiz or whatnot. They don’t do it, because they want to control the data. (And universities don’t insist on it for who knows what reason.)



I've never used Canvas before, but all the LMSes that I've used allow students to enable emails whenever anything is updated, including when grades are posted. This is off by default because it's often 10+ emails a day, because many teachers post notes once a day, and with 5 classes, that adds up pretty quick. I personally have it enabled because it's pretty manageable with some custom Outlook rules, but setting this up is well beyond the capabilities of most students.


Canvas will send emails when grades are posted, but not what the grade is. Or at least that’s the way in the configurations I’ve seen. So, that wouldn’t help in a case where no one can access the canvas gradebook.


yup you just get an email saying "A new grade has been posted for EECS 420"


...then all those clicks juice engagement and utilization numbers; why would someone want to just know their grade when they can use more clicks and custom apps to get the same info? </s>

The party line is probably something about "a lack of data security" with email, which would almost be funny given the current situation if it wasn't so stressful for those impacted...


No, students are already forced to use Canvas enough as is. This is enterprise software, it's not a consumer phone app. This is nothing to do with "engagement".

This is to do with FERPA which requires that student grades be kept private. There is a small but still a significant legal risk that someone else such as a parent or roommate could have access to a student's email. And so to avoid even the possibility of a court case, schools prefer to play it safe and display grades only to a user they can authenticate directly.

This doesn't have anything to do with common sense, it's simply about legal risk. And it's not about security in a broader sense, it's specifically about privacy FERPA legislation.


FERPA allows emailing confidential information to a student email on record if the university controls the email account. Most universities offer their own email service (and require using it) for this exact reason.

There is no more risk of access to email than there is to Canvas. They are usually secured by the same SSO, too.

However, congratulations for finding the exact dodge around implementing a useful feature. Back when I worked at a university, it was apparent we had a “toolbox” of reasons to deny requests we didn’t want to do: HIPAA, FERPA, ERISA, PCI, GLBA, Title IX, ADA.

“We can’t do that integration with student health services due to HIPAA concerns.”

“We can’t implement that sign up form due to FERPA.”

“We can’t update that site because we’d have to do so and be ADA compliant and that would cost too much.”

“Due to Dining Services’ server being in scope for PCI, we can’t run reports off of it.”

“Adding that ability to Student Affairs’ portfolio app would raise Title IX concerns.”

It was great. You had endless excuses to say why you can’t email a student their grade.


I already said it's not about common sense, it's about legal risk.

It's about edge cases like someone set up your email to forward all your emails to their account without you knowing. Or other additional situations you could imagine.

There is no benefit to not emailing grades directly, from the perspective of Instructure. There is no ulterior motive here. But universities are genuinely risk-averse and their lawyers tell them that not including the grade in the email simply shuts down one more avenue for some potential lawsuit. Which costs money to defend even if a university wins it.

This isn't some kind of "dodge". This is literally just Instructure doing what university lawyers demand.

I agree with you that the email address is generally always also controlled by the school and has the same login authentication. It doesn't matter. I told you this isn't about common sense. This is about lawyers saying that it could reduce legal risk. And that is a true thing that is coming from real lawyers. Even if you disagree with those lawyers.

And Instructure isn't going to try to disagree with lawyers for its own potential customers. It's going to give the schools what they want, which is not revealing grades via email.

It's not a "dodge."


Have you ever worked in an environment where you were responsible for building systems that complied with FERPA and you worked with your school's general counsel and compliance team on that?

What you are saying about e-mail is simply not factual. Student e-mail is inside the FERPA environment, and is considered private to the student. It was designed to be that way. If a student sets up forwarding to go to someone else, that's their problem. The student e-mail uses the same SSO as the LMS, so it's nonsense to act like someone else could have access to e-mail.


Then the lawyers are incompetent morons. There's "no benefit" to telling the student their own grade at all when viewed from that perspective. You could just not give them any feedback. Or you could allow them to consent to it, which is what the law asks.

It is a dodge. Society should not just say "oh those silly lawyers". These people are not being responsible. They are not doing their jobs.


As someone who transitioned from working in startups and technology to a university, it is hard to describe how different the environment is.

It looks very weird and is hard to understand from the outside, and unfortunately all technology vendors are on the outside.

Basically every technology has an impedance mismatch when brought into the university environment. And when you combine them together it keeps getting worse.

That's why you see things in this thread like CS professors who operate their class using pen and paper and maybe a spreadsheet.


I worked with a lawyer who was the on-staff general counsel for a mid size private university who was not an incompetent moron.

One thing I really appreciated that she did was refuse to put e-mail disclaimers in the bottom of e-mails, because she said they had zero legal weight and actually were negative from a legal perspective, since it means people might think they have legal weight (when they don't).

Overzealous e-mail admins would periodically want to do it because it's what everyone else does, not to mention vendors of frankly B.S. software whose only value prop was adding a disclaimer to all the email that went out of Exchange or Google Workspace.


No, the lawyers are not "incompetent morons", and I highly doubt you have the legal training and domain experience to be qualified to make that assertion.

You would be surprised at the number of frivolous lawsuits and seemingly "zero risk" decisions that wind up turning into actual legal risk and legal fees.

The legal world is a lot more complicated than you think. I've been in some of these conversations. Quite frankly, you don't know what you're talking about.


> You would be surprised at the number of frivolous lawsuits and seemingly "zero risk" decisions that wind up turning into actual legal risk and legal fees. [¶] The legal world is a lot more complicated than you think.

The law is a lot like an app: It has to take into account a gazillion edge cases and corner cases — not to mention that people can be ignorant and/or malicious. It really is complicated, as you say above.

Well done on not hurling insults at @ndriscoll, BTW. Personal attacks don't persuade the target, and they can turn off onlookers who might be undecided. (Competent lawyers learn early that judges and jurors don't like personal attacks and can be less inclined to believe the attacker.)


The thing is, I don't need that training to recognize that they are failing to contribute to society. This is why I'm saying that it is indeed a dodge. "It's complicated and you don't understand it" isn't an excuse for making the world worse. And yes, it is fully possible for a someone to make that judgement without a large background in law, because it's taking a holistic look at "what was the purpose of this law, and are they interpreting it in line with that purpose?" The details don't matter; the outcomes do. Their job is to deal with the details to reach the desired outcomes. If society is better off for putting them on a boat and sending them into the middle of the ocean, then they are incompetent.

Refusing to give a student their own data because of a privacy law that's meant to give the student control over their data is them failing. Full stop. There's no room for excuses for government funded entities to act in the exact opposite way that they are supposed to to avoid their fear of government imposed penalties from a deliberate misinterpretation of what the entire thing is about. That's incompetence by everyone involved. It is people going out of their way to make the world a worse place to act important. Absolutely unacceptable.

It's like if teachers aren't teaching the kids to read or add, the details about all the compliance stuff they need to worry about and how the school "can't" remove disruptive kids from a class or whatever is missing the point; the schools can't sacrifice actually doing their job at the alter of compliance, or we should just shut them down since all they do is waste resources. The compliance people should be figuring out how to shield the actual workers/create plausible deniability if the law is supposedly that stupid.


The world is complicated. Laws like FERPA are written with good intentions, but there are a lot of gray areas open to interpretation, and bad actors will take advantage of those gray areas to bring lawsuits for selfish purposes that universities have to spend money to defend themselves and possibly pay expensive penalties over. So lawyers advise how to follow laws in the most risk-free way.

Blaming lawyers or Instructure for "failing to contribute to society" is both incredibly immature and factually wrong. It's not the 1980's where jokes about "kill all the lawyers" get laughs.

I'm going to be blunt: you seem to have a kind of black-and-white, adolescent understanding of the world where it's split up into good actors and bad actors, and good actors should do what's right (regardless of the law) and bad outcomes are the result of bad actors. But that's not how the world works. Everybody involved can be intelligent and trying to do their best, and we get suboptimal outcomes because this stuff is hard. Writing laws that protect student data while maximizing student convenience are probably never going to get it perfectly right in every situation. But insulting the lawyers or the schools or Instructure as "failing to contribute to society" or insulting the law as "supposedly that stupid" is to deeply misunderstand everything.


FERPA does not have a lot of "gray areas open to interpretation". It's a well-understand body of law, case law, and regulations, and things like whether or not you can e-mail a student a grade are settled questions.


It's not a misunderstanding of everything, especially for schools that are government funded. They have a mission, they receive resources from everyone else to do that mission. If they are then worried about penalties for some frivolous side distraction, and choose to not accomplish their mission for fear of that, then why are we funding them to start with?

Frankly it's a perspective that I've only developed as I got older and realized that such excuses are poor, and that the real world has quite a few people in it who don't really care about the outcomes of what they're doing, or even understand why they're there. To me it feels adjacent to the adolescent view I often see on this site/reddit around "why is the company laying people off when they're making lots of money?" It's because those people aren't needed for anything, and those jobs aren't a form of charity. They exist for a purpose. If they no longer have a purpose, why would you keep paying that person?

If people are going to exist as obstructions to the purpose of the institution we're trying to serve, then they are useless. It's like a computer security worker saying the best way to be secure is to unplug everything, and push for policies that no one shall use computers for anything. Completely missing the point.

Finding ways to follow the law in the most risk-free way to the detriment of everyone is exactly missing their purpose in the world, and everyone should rightly call such a person incompetent and useless. It's casual acceptance of this kind of incompetence culture that slowly leads to societal decline. It's the same kind of thing as when Berkeley took down their lectures because of the ADA. How about the same state that ignores federal immigration and drug law say that actually they're going to keep giving away their free educational materials because they want universal education, and giving those lectures away is strictly better than not doing that, and if the feds want it made accessible, they can fund a project to do so?


I really don't know what to tell you. You're literally calling for universities to either break the law or not worry so much about following it, and calling people who do want to be careful about following the law "incompentent and useless".

If you don't see how extreme that is, and how much society would break down if everyone started thinking laws were optional and ought to be ignored when they prevent you from accomplishing your "mission", I just don't know what to tell you.


Quite the contrary: society very obviously runs because people ignore policies and laws constantly. That's why following all laws exactly is considered a protest or subversion strategy: malicious compliance.

Like the entire AI industry could only work by completely ignoring copyright law. Basically no software could be written if developers were concientious enough to check for and avoid patents first. Tradesmen ignore safety policies. Doctors ignore limits on hours. People do work on their homes with no permits.

Part of being an adult is exactly knowing which rules are important and which you ignore.


Individuals can choose which laws to ignore, like when they jaywalk.

Corporations, universities, etc. are very different. They create policies which are documented and which their employees are required to follow. They engage in risk analysis.

"Part of being an adult" has nothing whatsoever to do with the laws and regulations that apply to organizations. You're making a severe category error.


Organizations are made of individuals who I assure you regularly ignore or don't even read the policies they are "required" to follow.


I don't know what world you live in. Everywhere I've ever worked, that gets you fired. Real quick.


I've worked at a couple F100s and a startup.

At IBM, vim was specifically banned by legal because of reputational risk because the license asks you to consider donating to children in Africa, and IBM didn't want to be called out for not doing so. Guess which editor pretty much everyone in my org used? We also weren't allowed to move furniture because of some union agreement, but guess how many people cared when furniture mysteriously moved from an empty office room into ours? None.

At the startup, people in our satellite office in Arizona openly mocked the California HR harassment training over lunch. It was also an open secret that one of the managers started dating a report. As far as I know many years later they've both moved on to other jobs and they're still together. Nothing bad happened.

Breaking some policies will absolutely get you fired, but that's mostly around doing things you shouldn't be doing, and even then usually only matters if someone else that has some power might themselves get in trouble/have more work/lose something because of what you did. Others no one will care about. Again, part of growing up is figuring out which policies have a purpose and which came from some busybody.

I also already gave the entire AI industry as an example. We know for a fact that Meta trained on pirated material, and it's pretty obvious that everyone else does too. It's blatant industry wide flouting the law. The realpolitik answer here is everyone knows that enforcing the law here would be the final nail in the coffin for China superceding the West, so it's not going to happen.


Just to be clear:

E-mailing a student their grade is not "breaking the law".

Not e-mailing a student their grade is not "being careful about following the law". It is just sheer laziness.

A university may develop a policy of "we don't e-mail grades" for another reason, but FERPA is not a valid reason.


"Just to be clear":

It's not "sheer laziness". I can almost guarantee you that Instructure would prefer to e-mail the grade itself, and probably had the code working somewhere before feedback from universities told them to remove it.

There are absolutely cases where sending an e-mail to the wrong person is a violation of FERPA. Can you guarantee that your software will never be configured to accidentally e-mail someone besides the student? That no administrator will ever accidentally set up the wrong e-mail address? Because you're not sure if you can make that guarantee, it's legally safer to restrict it to the actual LMS login.


Yes, I have written software that would email a student information that was in scope for FERPA.

It’s rather simple to restrict sending email to @student.uni.edu and then further force their email to match the username and email address that is synced from the SIS.

How much FERPA compliant software have you written?


That's great for you. I've been in meetings with lawyers around FERPA compliance.

You are right that if you are creating a custom tool you can create that restriction easily.

But if you are creating a learning management system where administrators can configure it a million different ways and the university lawyers want to make sure that administrators don't set it up the wrong way, it makes sense to have that safeguard.

You are looking at the wrong level here. This isn't a software coding issue around technology. This is a policy compliance issue around people. When you create tools you have to consider the possibility of those tools being misused by an employee and mitigate those risks when possible.


> The thing is, I don't need that training to recognize that they are failing to contribute to society.

An old lawyer joke: What do you call 100 lawyers drowning in the ocean? A good start!

(Told to me by my dad, a former attorney till he retired.)


I think the lawyers in a straw-man imaginary world where they say a university can't e-mail any FERPA-covered data to a student (which includes such basic things as what times a student's classes are) don't contribute anything to society. But that's because they're just a figment of one person's imagination.

Actual, real lawyers who work for or at real universities often do contribute quite a bit of valuable work. I enjoyed the one I worked with and think she did a great job of putting the brakes on over-regulating or using legal compliance as an excuse for just not doing work.


That's great to hear. As I agreed elsewhere in the thread, their true purpose is exactly to shield other workers from this sort of nonsense FUD and make-work.

Of course I presume it's also not a strawman because it's not in any way some unique thing to lawyers.


The general counsel at my last university job actually tended to cut through the red tape and excuses of “can’t do this due to legal”.

Lots of fun if a department had been stonewalling for “legal reasons” and she was summoned to a meeting.


This, way too many people think they know the law and build up a wall of thinking based on their erroneous understanding of it. They're often afraid to incur the perceived expense of consulting an actual expert.

The same kind of broken thinking exists across MANY other aspects of life. Turn up the radio in your car to avoid hearing the problem that would be 'easy' to fix now and instead ignore it until it turns into a considerably more expensive repair.

I find it's often the same people that make these kinds of misguided decisions that crow the loudest about "kill all the lawyers". Perhaps because of their fear of being called out for their ignorance.


Isn't that due to FERPA related concerns?


  > setting this up is well beyond the capabilities of most students.
Setting up custom email filters is beyond the capabilities of most students? What are they learning? Where will they be qualified to work?


> Where will they be qualified to work?

Going by a certain story 2 years ago, their concern should be that they're overqualified for Meta.

It doesn't help that gmail, which is the only serious direct competition to outlook, straight up doesn't do "folders" and instead goes with markers. So you can't really just put a filter that drags all the 100 low-priority alerts in what would count as a first degree abstraction of "place where things are sorted into". No, there are two layers of abstraction between point A and B of things, sorter and sorted things. The result? Muggles can't recognize the heck you're describing and refuse to even acknowledge the possibility.


> It doesn't help that gmail, which is the only serious direct competition to outlook, straight up doesn't do "folders" and instead goes with markers.

While true, unless I'm mistaken, markers (I assume you're referring to tags) can be nested to provide a pseudo-folder hierarchy, and with proper filters you can remove the "inbox" tag and have the mail only show up under the specific tag.

TBH I don't fully mind it, it lets you classify an email in multiple ways (eg "See Later" as well as "Work related").


Tags are great but I still want my folders. Also doesn't help that the way google describes some things is unnecessarily complex or confusing. For example, removing an email from the inbox requires archiving it. In most other applications (WhatsApp, Signal, Outlook, etc) archiving usually results in the email being placed in a specific archive folder that isn't readily accessible through the UI. At least not to the same level that normal emails are.


People in my work and personal life experience do not understand the concept of labels in a Google inbox and misname them folders 100% of the time. Google allows you to drag-n-drop emails "into" labels like you would files in folders conflating the issue even more as the logic to automate this behaviour with a filter isn't leveraged. Even the layout of a default inbox is setup in a way that the average user has difficulty understanding what happens when an email drops off the "front page" of their inbox.


They can be nested, the one thing I have never been able to figure out though is how to get alerts of receiving a message while also filing away in a sub folder. You get one or the other in outlook, as a result I rarely check my work email anymore cause I either get the fire hose of spam or miss everything entirety because it's going to a folder and not passing along an alert about a new message.


Gmail still has perfectly functional filters that can be set to auto-apply a label and skip the inbox. They may be called "labels" now, but they still function just as they did when the UI called them "folders"


I partially solve this by using Thunderbird on my laptop. When I get emails on my smartphone (on the Gmail app), they unfortunately all go to the inbox. But the moment I open Thunderbird, it nicely organizes them for me.


Does Thunderbird have rules? I searched for this and didn't find them.


Yes, it has filters. Open it's menu (the three stacked lines on the desktop version) and you will find them there.


I use Thunderbird on both the desktop and Android. Love it.

Perhaps Outlook is difficult to configure. Thunderbird is intuitive.


Yes, every now and then I think I should try it on Android as well, but still have to do it. It would be great if there was the possibility to sync filters across devices, in a similar way of using your Firefox account to sync extensions. Do you know if this is possible?


I don't think it's possible.


If a CS graduate can't figure out some simple gmail labels and filters then they should not be awarded that degree. Plain and simple. It's not rocket science.


And there are no other students at any college other than CS students? I'm not sure why a biologist or a literature student would need to be au fait with Google's admittedly fairly unfriendly email management setup.


Digital literacy is important to every field. Email filters are not some arcane computer science concept, they are the modern equivalent of filing physical mail into the right folder/pidgeon hole/inbox/whatever.

Biology is a great example because of just how important digital record management is to experimentation in the field.


I don't think you've seen many biology field data sets.


Many relative to the total set, no. But enough to know writing it down isn’t going to cut it. Most datasets I’ve seen are xls, hdfs or csvs nested many directories deep. Not exactly for those who can’t manage an email filter. Without getting into the processing of it either


You can store Perl in any file format.


All biology folks I'm interacting with are juggling excel sheets all day.


1. This was a response to a CS professor, so specific to CS students.

2. Yes, configuring gmail filters should be doable for anybody with a university degree. It's really not hard.


Most of my students, across all disciplines, don't have basic competence in Word or GDocs, software they've been using for years. It's weeks to teach them how to appy headings


I feel your pain, and my students are design students


Most graduates aren't really qualified to work anywhere that they couldn't have worked before going to college in the first place.


You mean graduates of US colleges? Not colleges in general. Or non-technical graduates of US colleges?


I think they point weird-eye-issue wants to make is: Students attend college to become qualified to work.


I think you completely misread my comment.


I understood your comment perfectly fine. I'm asking which graduates of which colleges you were referring to. It looked like you were generalizing about US HS and colleges. If so, plenty of other countries' HS and college education systems work better, so your comment doesn't extend.


> I understood your comment perfectly fine. I'm asking which graduates of which colleges you were referring to.

They are referring to MOST graduates of MOST colleges. This is a deliberate overgeneralization about the nature of post-secondary education meant to highlight how it's frequently viewed solely in terms of completion rather than with regards to any skills or knowledge gained from it.


I didn't even reply to you.


I'm not confused.

Your comment stated that college doesn't add much to a person's employability. (If you had wanted to be less obfuscatory, you could simply have said "a [HS] education is already adequate qualification for many jobs; college doesn't add much").

That was your claim. (I don't think your claim is correct of many OECD countries' colleges, but it was the claim you made.)

You then replied to J-Kuhn to say that they had misunderstood your comment by (mis)paraphrasing it as "Students attend college to become qualified to work."


It's a little weird how I ignored your comment and replied to somebody else and then you felt the need to reply to me again and again


Not really. The comment of yours that started the lack of clarity is this double-negative, and 0/2 of us who responded to you here found it useful:

> Most graduates aren't really qualified to work anywhere that they couldn't have worked before going to college in the first place.

The double-negative could be read both ways: "Most HS grads aren't really qualified to work anywhere and college doesn't add much" or "a [HS] education is already adequate qualification for many jobs; college doesn't add much". So we apply Occam's razor and since the [U-5] unemployment rate for [US] HS grads is << 50%, conclude you meant the former. But the comment was still needlessly obfuscation. Even if we assume which country and education system you were talking about.

Conversely, it's a little weird how I ignored your lack of clarity and didn't point it out so starkly, then you reduce the interaction to this ping-pong. I don't intend to overflow the stack on this.


Do you realize how insufferable you are?

I know that I used a double negative, I meant to do that. Not everything is meant to be written and read the exact same way. That was the particular style of sentence I chose so you can just deal with that and you don't need to keep pointing it out.


Stop being abusive. Your original double-negative comment lacks clarity, it can be read in two completely opposite senses. It would better for you simply to have clarified it (and next time be clearer in the first place). People here brought that to your attention but all you do is attack them. That's on you not us. If your stylistic choices make your writing incomprehensible, then don't use them. That's all.

Put it like this: it was an interesting discussion before that, and looks like people expected you would simply clarify your meaning (like most of us do when we're being unclear), so the discussion could proceed. Not go on all-out attack.


I used LaTeX as a ugrad, it’s not that hard


you're at the other end of the spectrum; unless you get work in academia this is not an advantange.


I use it to filter recruiters, if they can’t accept (a well typeset) PDF résumé, and insist on Word I know to skip them.


They only ask for Word because they plan to edit it to remove your contact info. Or worse.


So are you getting a lot of offers this way? Anyway, I admire your dogma.


Well, I’m retired now. I only had 4 jobs after finishing my BS.


Congratulations on your competence.


It's not even standard in academia.


Depends on the discipline. I never hear of mathematicians using anything else.


You know that most students aren't computer science majors?

Have you met the average community college student who doesn't even own a laptop but does all of their work on their phone? Gmail doesn't even allow you to create or manage filters from their phone app or mobile web interface.


I have been using email for as long as email was a thing and I still managed to blackhole important emails with filters not too long ago.


> What are they learning?

Exactly what is in their field of study, nothing more. That's a huge part of the problems created by treating academia as a degree mill mandatory to get a job able to feed yourself instead of a place only for those truly interested in actually studying a subject.


Most people who have office jobs don't know how to do this either


Most managers I've met, struggle with setting up email filters, and have to ask tech support to do it for them. These students will be qualified just fine.


I'd hope/assume that any Computer Science students would be able to do this, but most Biology/Education/English/Art students probably couldn't.

I mean, anyone smart enough to attend university could probably figure it out if they really wanted to, but there are hundreds of other useful things that they could learn too. There are only so many hours in the day, and given that most students don't get that many emails, I can hardly blame them for not wanting to prioritize learning how to filter emails.

(I personally have over a hundred lines of Sieve filters, but I'm definitely not a typical student)


Biologists should be more qualified than most to classify and tag email specimens.


This is a brilliant reply. I shook my head at the original and laughed hard at your perfectly reasonable question.

It reminds me of an old joke my father used to say about jobs with virtually no interview (fast food, etc). He called it "The Mirror Test", as in if you hold a mirror up to the person, does it fog up? If yes, you are hired!


> What are they learning?

Are you suggesting that outlook wrangling be explicitly taught at the college level?


Anywhere. I straight up don’t check my email at work. If people need me they have to teams message me to tell me they emailed me. Don’t have time to sift through all the bullshit generated emails. Jira, GitHub, confluence, servicenow, workday, etc. amounts to an incredible amount of junk I just can’t be bothered with.


>Setting up custom email filters is beyond the capabilities of most students?

Yes. And most of the general population. They can do it once they know it exists, most people just are not aware it is a thing at all.

>What are they learning?

Here, their "major" as you say in the US. Someone in econ, biology or even CS is not going to learn Outlook rules. Maybe IT or business will have a sentence on it.

>Where will they be qualified to work?

Any office job. Any job really.


In my experience, it’s hard enough to make students check their school email in the first place. Let alone filter it.


As a ugrad, and later a PhD student teaching, everything is explained the first day. If you can figure it out you just fail the class (or go to office hrs to get help, etc).


As an associate professor, I do explain things the first day, but I am certainly not permitted to fail students as a consequence of not checking their email daily.

Even if they didn’t hand in an assignment at all, without any reason provided, I’m required by regulation to offer them a second chance to pass that assignment.

The students’ rights are quite strong here (Northern Europe), which I generally support, but it has some downsides.


Interesting. I remember very strict rules on turning in programming assignments (as a student, and later TA). On time, printed properly, in a specific envelope, labeled as specified in the right location.


it's MS software, i think it's inanely difficult


Didn't you hear? Chat apps and iMessage (SMS included) is the new email.

Delete

Delete and Report Spam


Students having records of what their score was doesn't prove to the professor / university what score they received. "FWD: Exam 1 Results" is not especially auditable.


If only we had some way of signing messages


The technology isn't there yet (。•́︿•̀。)


Though in a case like this attackers would likely revoke (or publish) the private key.


Ah, perhaps we could put it on the blockchain! /s


> Students having records of what their score was doesn't prove to the professor / university what score they received

It's better than nothing. (And good training for the real world.)

Also, most universities (and many schools now) issue academic e-mail addresses to students. In those cases, the email is definitive proof.


DKIM signature could be used to verify that Canvas' server sent the email with the given content


Good luck having people forward an email a) with headers and b) in a way that doesn't break the signature...


And who exactly do you think is going to verify 100s of thousands of emails this way dude?


A computer?


Emails from Canvas saying a grade is available do not currently include the actual grade in the email, so that would have to be implemented first. And it's probably not implemented quite intentionally because of FERPA.


As opposed to a screenshot of a website? Presumably the professor has a spreadsheet of all assignment grades that is submitted to the school?


> Presumably the professor has a spreadsheet of all assignment grades that is submitted to the school?

This would undermine Canvas's lock-in.


Canvas is built to automatically export its gradebook to an external system. It will do that automatically every day if you want it to. Teachers or others can manually export to the configured foreign system on demand. So if you grade something and want it to show up in the foreign gradebook without waiting for the daily export, you can just press the button to make it happen right away.


i cannot believe how much benefit of the doubt people are giving canvas

ed tech is the WORST performing VC sector

the ONLY game in that town is vendor lock-in! are people joking?

c'mon, canvas is a huge piece of shit. the SaaSpocalypse is coming for them - it seems it is simply that LLMs will be used to exploit it first, rather than universities writing an open alternative they share with each other for free.


Canvas is AGPL licensed. Moodle is GPL. Universities or anyone else can already contribute to big name LMS.

Canvas is used by Harvard, MIT, Stanford, Carnegie Mellon, CalTech, etc. If they each paid 10 FTE, they could set up a foundation that could govern the development of a top-tier LMS. Every tier-1 state institution could contribute 5 FTE. Even little JuCos could chip in an employee here and there. You'd pick up hundreds of capable employees at a fraction of what those schools currently pay to Instructure.


How well has this worked for Open edX?


Why do they all pay for it then? Seems pretty universal in the UK too. Is it having the benefit of someone to blame when things go wrong?


When the IT department is also the developer of the software, instructors will demand their feature be included in the software: they need a gradebook column that counts as extra credit, missing work, a dropped score, and 40% of the final grade simultaneously, but only for students who email after midnight during finals week.

IT department will then build the feature as instructors are high-status and IT is low-status, and they aim to please. The software will collect hundreds of these over time. The institution will accumulate more developers, QA, a11y testers, PMs, instructional design consultants, and more PMs to deal with the instructors. The institution will then move to SAAS solution where the instructor is forced to join Canvas Jira and submit their feature request. A product manager at Canvas will then post to Jira and say thanks for your feature request, we will consider it. Game over.


On paper your idea seems obvious. You take a bunch of institutions that actually teach students how to program and have them cooperate to build an open LMS that benefits them all.

In reality, universities always spin off anything that looks like it could generate revenue. It is very telling that you can't even get your college transcript from your college. You have to go to (and pay) some third party to get it. Some universities even outsource their "classes" like elderhostel to cruise lines and travel companies.


> rather than universities writing an open alternative they share with each other for free

That already exists [0], and is actually reasonably popular.

> the SaaSpocalypse is coming for them - it seems it is simply that LLMs will be used to exploit it first

I doubt it, because enterprise sales has nothing to do with how good your product is, how expensive it is, how easy it is to administer, how secure it is, etc.; it only depends on how good you are at enterprise sales. I mean, my university is Oracle-based, and I'm pretty sure that you could get 3 random undergraduates to write something better, so I don't think that LLMs writing better/cheaper software will make any difference here.

[0]: https://moodle.org/


Nope! We're encouraged to keep all that exclusively in canvas. (As noted, I have my own spreadsheet. But I'm an outlier.)


Presumably the system will be back up eventually, so there's not much benefit to lying here, since at best you'll raise your grade in a few classes for a couple months, while taking on a pretty big risk of getting caught.


You forget things can be signed, with the key owned by the school. It can be done.


Does signing really make this easily auditable from the professor’s perspective?


Exactly this, when was the last time a HN user had to interact with the prototypical 60-year-old set-in-their-ways professor?

Extremely non-tech savvy, hates computers, and is gonna grumble "What the hell is a PGP? Better not be another one of those phone code things." as you try to pitch this highly-technological solution to a largely niche problem domain.


They don’t even need to not be tech savvy. This stuff just registers as “hassle” to most people so they do the bare minimum or search for ways to not deal with it at all. It’s easy to “tut tut” at them but ultimately we need to accept reality: privacy, security, these things take extra effort that isn’t strictly necessary for people to go about their daily lives even though the stakes can be super high. It’s not a problem until it is, so they aren’t really barriers that require people to do the work. It’s like convincing someone who just simply doesn’t want to go out and buy/install a lock on their door to go do it, except it’s not even a one-time thing. Their door works fine. They can come and go as they please. It’s not until something happens that they maybe change their tune (and even then!)

Hell just getting people to do secure passwords is a whole thing.


I mean a cloud based learning management system also seems to be a very technological solution to the very old problem of checks notes grading quizzes?


Makes me glad I've always avoided doing my work on web platforms. When we used to have to make presentations in Google Slides I used to do them in Org-mode, then export to Sheets. I still have all those assignments sitting on my disk. Sure, there's versions of them on Google Drive, but I always make sure that the canonical version is the one on my disk.


>It’s so simple to send an e-mail to the student ...

What seems easy on hobby projects gets way more difficult at scale. Source: experience.


For what they charge for these LMSs, they should definitely be able to sent some emails.


No concerns about privacy or regulatory considerations that might vary by jurisdiction? Just yolo it and deal with breech later?


> They don’t do it, because they want to control the data.

Ironically, this incident shows they don’t have control of anything.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: