Unneeded centralizing

“News” item:

Canvas (Instructure) is down nationwide during finals, blocking access to the LMS for thousands of colleges and K-12 schools. Early reports suggest a ransomware or hack with ransom demands, disrupting grading, submissions, and communication. The outage coincides with peak end-of-semester activity, prompting emergency responses and renewed scrutiny of edtech dependencies in higher education.

Edtech dependency is a problem, but this isn’t about edtech itself. This is what happens when you let ONE corporation control all of a field, whether it’s cars or chickens or courses.

ONE corporation is much more vulnerable to disease in agriculture, strikes in industry, and hacks in software. The work involved in hacking is the same for a thousand-dollar system or a billion-dollar system, but the reward is vastly larger for a monopoly. This is why Windows gets hacked more than Mac or Linux.

The outage gave me a much-needed snow day in developing courseware. I have to make things work in Canvas because the vast majority of colleges use it now. A Canvas license is EXPENSIVE, but apparently less expensive than Blackboard, Moodle or Brightspace.

What are you paying for? Not much, except the risks of overcentralizing! Canvas doesn’t provide a unique service even when it’s working. It provides a secure login and keeps track of completion and grades. That’s about all. Universities have their own secure logins for other purposes, and have their own databases.

Hmm. If there was only a universal interface, we could skip the centralized expensive Canvas! Packages from different publishers could work on any server large or small!

Well, there is. SCORM is a universal API for recording grades and similar data. It was around long before the big LMS systems like Blackboard and Canvas. My software works through the SCORM API to talk with LMS systems, but the same interface could also feed numbers to an individual database. Along with Rustici’s ScormCloud, there are open source SCORM servers available.

Essentially the server only needs to respond to a few standard commands. Initialize, GetValue, SetValue, GetError, Finish. It needs to give standard responses for the possible conditions of Initialize and GetError. Aside from that, the Values in SetValue and GetValue could be anything needed by the school or company. Grades, prices, names, poems, links to Youtube clips.

I could write a private server in Python easily, but it wouldn’t help to test my stuff because Canvas has a lot of undocumented fussy points. A package that works properly with the Scorm interface itself won’t necessarily work on Canvas.

= = = = =

Later after reading more: “News” accounts mention that people saw a message from the hackers instead of the regular Canvas login page. I didn’t see the message, just saw a standard Down For Maintenance page. The long list of allegedly “affected” institutions doesn’t include the private testbed that I’m paying $3600 a year for. It appears that the hackers are following the efficiency guideline above, not wasting effort on the smallest targets.