The Term Papers

This is a photo of the stack of term papers I’ve basically been living with for the past two weeks. I take them with me almost everywhere I go: waiting in the emergency department at the hospital with one daughter, taking another daughter to music lessons, while another of my classes is writing their final exam. (Note: I do not take them with me to the bathroom. Because ick.) I have to take the papers with me so that I can finish marking them by the date of the final exam--my self-imposed deadline. Once, I wasn’t able to finish marking term papers by the final exam. I asked students to come and pick up their marked term papers--the ones I had spent hours and hours carefully marking, covering the pages with important feedback. Almost no one came to pick up their term paper. So now the deal is: Hand in your final exam, get your term paper.

This year, I had the luxury of having two whole weeks to mark 27 term papers. Some years, I’ve had as little as a week. That was a nightmare. I marked, ate, and slept. In that order. It’s much better when I have more time to read and enjoy the term papers. Yes, enjoy. I often learn some new things. For example, this term, I read term papers on toxic behaviour in online games, improving patient safety, error in aviation, design for left-handers, product design, design for the elderly, elderly drivers, issues in laparoscopic surgery, ergonomics of back injuries, technostress, driving safety, physical ergonomics of dentistry, ergonomics and aesthetics, designing for crime prevention, effective traffic signs, usability of the web, emotion and design, and human factors and automation. (There were multiple papers on some of these topics.)

I hope the feedback I’ve given on the papers is useful; I provide constructive feedback as much as possible. It does no good to write “This is dumb!” or “This makes no sense.” Some students struggled a lot with grammar--so much so that it gets in the way of what you’re trying to communicate. If that’s the case, I strongly recommend that you see the Centre for Writers for help in the future. Getting help should not be seen as a shortcoming; instead, view it as working on improving yourself. Everyone could stand some improvement--even the person whose term paper earned a mark of 100% (the first time ever). Because even that paper had a couple of APA style errors. Tsk.

Why aren’t you studying?

The Awards: 16

I am happy, honoured, and humbled all at the same time, because I have been named to the Department of Psychology’s Teaching Honour Roll with Distinction for all three of my Fall term courses. In 17 other PSYCO courses, the instructors were also awarded this honour (and another 10 courses were placed on the Honour Roll). Congratulations to my fellow instructors! Over the past semester, I have organized the Teaching of Psychology Brown Bags, a monthly seminar in which instructors share their teaching strategies, successes, and failures with each other. It’s amazing to see the innovation and devotion to teaching shown by my colleagues. It has inspired me to continue to try some new things in my own teaching.

A great big thank you to students who take a few minutes out of their busy lives at the end of the semester to complete the online USRIs (Universal Student Ratings of Instruction). This is just about the only way that the Department and Faculty evaluate me, and make decisions about whether to extend my contract. This makes USRIs especially important to me; I’d like to continue with this teaching thing.

As usual, I’d like to share with you some selected comments from Fall term (warning: my replies may contain sarcasm, and may cause itching and redness).

PSYCO 282: Behaviour Modification

prof reminded me of jim carrey!
(Aaaalllllrighty then!)

overall, reinforcing ;P
(I see what you did there.)

This course was one of my favourite psychology courses ever. The material was incredibly interesting and was covered well. Not only did we learn the basics but we were provided with many opportunities to learn from examples and gain a better understanding of how to apply the material. Dr. Loepelmann's notes were so well organized and I loved the website that he provided as a convenient location to find everything we really need for this course. I did not participate in the iClicker questions, however I always tried to get the correct answer before it was revealed to us. I loved this course, it was incredible and I've raved about it and Dr. Loepelmann all semester. The self-management project was a cool assignment. This course made me so interested in the content and application that I have looked into becoming a certified Behaviour Analyst in the future.
(Wow. Okay, you may be the first person to be so inspired. Good luck!)

This course was so boring, it just reiterated the same dull points on operant conditioning thousands of times during the semester. Maybe add more course content
(So, your criticism is that the course it too boring, and there wasn't enough of it...)

This class was very interesting and informative. The professor was very enthusiastic about the class content which made the class more engaging. I enjoyed the project and will continue to use the techniques I've learned this semester.
(I hope you do. No one ever tells me how that works out, though...)

The textbook shouldn't be required if some parts differ with the lecture notes. That makes it confusing to study for the exams.

There was A LOT of discrepancies between the textbook and the lecture and oftentimes the instructor would tell us not to listen to the textbook, if the textbook is always wrong, why did he make us buy this edition? We spend a lot of money on the textbook and he stated it was mandatory, but the instructor mostly tests on the lecture anyways.
(We have to be able to tolerate ambiguity and uncertainty. In science--as in life--there is rarely one single answer that everyone unanimously agrees on. I know this makes it more difficult to answer questions on an exam, but it will help prepare you for life after university. It wouldn’t be fair to you if I presented course material in an overly simplified way. Also, only about half of the exam questions were based on lectures, exactly as I told you in class.)

The instructor's notes were extremely redundant and it was extremely hard to pay attention in class because all his notes were strictly words without ANY pictures to help aid in our understanding of the course material. The instructor was not very engaging and just went through his notes accordingly every single class. The instructor also made it EXTREMELY difficult to pay attention due to his notes only being fill in the blanks.
(So I’m sticking too close to the textbook? EXTREMELY closely? Yes, I could add pictures. What pictures would you like? Pictures of behaviour? Funny kittens? Research has found that extraneous pictures in PowerPoint slides actually impede learning of the material. Would having more blanks help you to pay attention? Or you could just forget about my notes and write your own.)

The instructor is highly knowledgeable in behaviour modification and is very enthusiastic when he teaches the course. He treats his students in a respectful manner and continually engages his class with a variety of activities. He is an excellent instructor, and I would highly recommend him to students looking to take this course.
(Thanks!)

Overall great course and great instructor! I enjoyed coming to class and it would not have been the same without Dr. Loepelmann's enthusiasum and sense of humor. Lecture time was used effectively and the videos which were showed in class were interesting and also helped to explain important concepts. Textbook was a great resource and the readings were managable. One suggestion I would make - make the iClicker count for participation marks. We're using it so often, it seems silly to not have it count for marks.
(The issue is that some students literally cannot afford a clicker, which would then impact their marks. I am thinking about this, and I think I have an acceptable way around this issue that I will try in my smaller Spring class.)

A rebuttal to your argument for iclickers. Iclickers are $80 at the bookstore. That's a ridiculous amount of money for tool that does one thing, and will likely only be used in a few classes. Also, the answers to your questions are biased: not everyone has an iclicker.
($80? According to the Bookstore website, a new iclicker 2 is $57.30 and a used one is $43.00--and you get half of that back when you return it. REEF Polling, which you run as an app on your phone, is even less, at USD$20.99. I know that answers to questions are biased; remember, in the first class I asked a question that demonstrated that to the class? I did that to encourage those--who could afford it--to get a clicker.)
Really liked the fill-in-the-blank notes style - it forces people to come to class and pay attention, which is a really good motivation for students who don't always show up. Made things very clear in class and I LOVED the text book used for this course. Very straight forward and an easy read - cleared up concepts and the fact that the notes were a really good reflection of the text books is an extremely great help for students. While I can say that some of the material is bland, this professor made the class fun and I truly enjoyed learning about it and I feel semiconfident applying it in real life.
(I hope you try applying some of the principles to real life!)
I would prefer to upload a PDF instead of writing into the text box, because I'm worried that my computer will crash and all of my work will be gone. Keep up the good work, and keep cracking the Dad jokes, it makes class more bearable.
(Because you will have to resubmit older parts of your project, you should keep a word processing document with all parts. That is, you should write your answers to part I in a Word file. Then copy and paste those into the text box. Then, do the same for part II. Again, just copy and paste your answers to parts I and II into the text box. If your eClass goes down or your browser crashes, you still have your answers safe in the Word file. Do you want more Dad jokes? Try Nice One Dad. )
Sometimes, videos shown in class were too long and boring.. some really didn't help me understand the material any better.
The only thing I think should be added is in the notes links to videos that were presented in class should be present. I enjoyed some videos shown in class but couldn't find it anywhere.
The instructor would show supplementary videos in class but would never link them on his notes for us to go back and watch them.
(Hey, just ask me if there’s a video you want to see again. Many are available on YouTube.)
Hopefully the notes can be made downloadable easier in word or pdf version.
I enjoy the types of notes he provides, I don't like how it's on a separate site from eclass.
(There’s always hope. Like, for example, in Rogue One, you can hope that everyone survives at the end of the movie. Er, well. Don’t expect my notes in Word or PDF ever. On this page I explain how you can get the HTML page into whatever text editor you wish. I use HTML because it is much more flexible than any other format, and is also accessible to those with disabilities. If I put my notes on eClass, there are a lot of cool CSS and Javascript things that I can’t do. And updating my notes on eClass is a slow, painful process.)
I hope he teaches other psychology classes so I can take them!
(Well, sure I do. I keep an updated list, if you like to take more of my courses--or avoid them.)
Everything about this course was well constructed, and your instruction faultless, with the exception of your voice, which sounds exactly like the character Dave on the youtube series Gayle, which I personally find rage-inducing, but others may not. An adult education theatre class or vocal coach could help you with that, should you so desire, but it's of course a relatively minor issue.
(It could be worse. I could sound exactly like Gayle Waters-Waters herself.)
Dr. Loepelmann is so enthusiastic about teaching its contagious. It is clear he has put in a lot of work on the course content and he really has made a conscious effort to put forth the best psychology course he can. I wish he taught all my classes because he is one of those teachers who you can just tell care. Some profs are just in it to do their research, so it is refreshing to take a class with someone who actually wants to be here, wants to teach, and clearly loves what he does. Best prof ever
(Thanks)

PSYCO 403: Advanced Perception

This class can be big or small, very great lecturer and very responsive! Great job
I love how enthusiastic you were when teaching, it made the class more interesting and enjoyable! Thank you.
I liked having the weekly quizzes but the format for the exams was tough; I felt that I never really knew what exactly to put for full marks, even by following the suggested format.
I enjoyed the class and the prof's sense of humour.
Dr. Loepelmann is very enthusiastic about the course subject matter and did his best to make the course interesting.
Dr. Karsten's way of teaching is really good, enjoyable, and makes you just want to be in the class! I have learned so much from this class and workload wise is very doable. Overall quality of the course is excellent!
(Wow, thanks everyone. This was one of the smallest classes I’ve ever taught, so I was concerned about how things would work out. Weirdly, I’m more worried about small classes than big ones.)
Also, not sure if it was just me but a few of the lectures came out weirdly when printing them out. It might be on my end or some formatting issue. Probably on my end but the lectures in question were some of the beginning ones after the midterm
(I’ve had a look at all of my lectures--across all of my courses--and have extensively modified the HTML code, so everything should look ok now. Sorry for any problems! Please let me know if you encounter problems.)

PSYCO 494: Human Factors & Ergonomics

overall the course was really good. The prof took a potentially dry subject and livened it up with case studies and videos. The class would have been much better if during times of class participation, people weren't afraid to talk. It was like pulling teeth. The prof tried to change that but just the group sucked.
Interesting course! Definitely would recommend more in class discussion to help with student engagement
(This term, I tried adding some more discussion/small group discussion activities in class. It needs some refinement, but I’m hoping this will engage everyone more. You’re right, sometimes it just depends on the makeup of the class as a whole--but I would never say that an entire class sucked.)
Terrified of airplanes... but in general really enjoyed the course and material that was covered! I find myself paying attention to design details that I had previously never really noticed, and analyzing design in systems that I encounter in my everyday life. This course was recommended to me and I had no idea what human factors and ergonomics meant beforehand, and now I enjoy explaining it to people who are baffled by the course name and how the two concepts are related.
(Oh noes! I don’t want anyone to be terrified of airplanes after taking this course. Remember the graph I showed in class about how deaths in western commercial aviation are at historic lows? You’re safer flying in an airplane than driving to the airport! Er, um, you should probably pay careful attention when driving, though.)
I have nothing negative to say, maybe this is due to recency bias but I think you're the best instructor I've had over the course of my undergrad. One comment I'd like to make is; even though you didn't get any audible laughs from your jokes, I found them very endearing so keep making them.
(Good application of cognitive principles there. So, my jokes are good at eliciting, er, silent laughs?)
I think the format of the midterm was presented to us a little too late - I had been studying all the material, but then the class before the midterm we found out that the exam would ask us about a bank of main terms and ideas, so I did not feel like I had sufficiently studied the main terms - I would've spent my time differently if I had known this a week ahead of the exam. Otherwise, I thought this would be a boring class but Dr Loepelmann made it really entertaining. He did a really good job with a really quiet, unresponsive class, and always made ideas and terms memorable with his examples.
(The format of the midterm exam is described in the syllabus. And in the first class, when I presented the learning objectives, I noted that they were important because essay exam questions would potentially be based on them directly. I’ll try to explain the format of the midterms more clearly in the future.)
Dr. Loepelmann is a great professor, and he tries to make the course interesting by bringing in interesting examples or case studies. Overall, really enjoyed this class.
(Thanks!)

Why aren’t you studying?

The Compliments

I was surprised on Monday to receive a “bouquet” of compliments, courtesy of UofA Compliments--thanks!




Thanks to all three anonymous students who took the time to say a few kind words, as part of UofA Compliments’ Dear Prof Campaign. (Shout out to fellow psychology instructor Dr Michele Moscicki who also received some compliments.)


(You must've seen my last post.)

(Science, FTW!)

 (Thanks, I love my job!)

UofA Compliments, along with the UAlberta Alumni Association, is organizing PositiviDay on April 12 (the last day of classes, yay!) from 11:00-2:30 in Quad.

You can follow UofA Compliments on Instagram, Facebook, and Twitter, or visit their site.

Why aren’t you studying?

The Instructor of the Month

If you’re perusing the Faculty of Science website this month and happen to come across the “Instructor of the Month” section, you’ll see a familiar mug looking back at you. (Spoiler: It’s me.) I don’t know who nominated me, but thank you. In keeping with the behind-the-scenes theme of this blog, I'm going to take you, well, behind the scenes of the photoshoot.

These kinds of things are decided way in advance. I first learned of this award last July. A communications person from the Faculty of Science let me know, and asked me to answer the questions you see on the website. Happily, what you see on the website are my answers, unedited. (OK, not totally true. In answer to the question, “what do you think is the key to connecting with your students?” I first said, “I don't know--maybe you should ask my students!?”)

The next step was to set up the photoshoot, which was scheduled for August. (See? Way in advance.) It felt a little weird dressing up in a shirt and tie in the middle of summer when I wasn’t even teaching classes. (Notice my tie? Like it? Want to buy one? Sorry, it’s out of stock. But ThinkGeek.com has lots of other cool themed ties.)

If you look at some of the other photos accompanying Instructors of the Month, you’ll see that they were taken in a range of locations--in the field, in classrooms. Since it was a nice sunny day, I think the plan was to shoot the photos outside. But when the photographer, John Ulan, stepped into my office, his eyes got big and his head swiveled around checking out all the stuff that my wife won’t let me keep at home. Terminator 2 head. Simpsons poster. Count Chocula/Boo Berry/Frankenberry cereal boxes. Batman bobble-head. It seems shutterbugs like to shoot interesting things, and yeah, I guess my office is pretty interesting. So John decided to take my photo in my office. (Heck, my office looks way more interesting than me.)

Here’s a breakdown of the things you can see in the photo. In the background is my Legion of Super-Heroes (v4) poster from 1993, drawn by Canadian artist Stuart Immonen. Below that is a drawing by my eldest daughter. There’s a lot of stuff going on in that picture; if you look closely, you’ll see a My Little Pony pegasus. On the shelf is the Sigmund Freud action figure that I mentioned in the article. In the foreground stuck to my filing cabinet is the Ravenclaw magnet that I bought when Harry Potter: The Exhibition was at the Telus World of Science three years ago. Because Ravenclaw. The magnet is holding up a gag Back to the Future $1,000,000 bill that a friend bought for me. What you can see in the photo is only a small fraction of the geek stuff  in my office. You can’t see the autographed photos of Billy Dee Williams, Dirk Benedict, Lee Majors, and Nena. Or the collection of thank-you cards I’ve received from students over the years.




(So why do I have all this junk--I mean valuable memorabilia in my office? Aside from the fact that my wife won't allow it in the house? I enjoy watching behind-the-scenes features on my favourite movies, and I love listening to all of the commentary tracks (even the ones with the second assistant director and the key grip). On Pixar's old DVDs, they would show the workspaces of their employees--a lot of desks with computers. But there were always tons of toys, models, and cool knick-knacks everywhere. They claimed that having all of this clutter made them more creative. Sounds good to me (and look at how creative and innovative Pixar is). So I've done the same. Has this boosted my creativity? I dunno. But it's made my office a whole lot more interesting.)

Although there's only one photo in the article, many, many more were taken. It's a bit...embarrassing to have this kind of attention. I don’t think I’ve done anything special to deserve all this--just doing my job (and happy to do it). And look at the company I’m in. Two other outstanding psychology instructors have been given this honour already (Anthony Singhal and Michele Moscicki), not to mention a couple of other amazing instructors I worked with on Science 100 (Gerda De Vries and Vincent Bouchard). Wow. Now I’m really going to have to up my game.

Okay, time to get my head out of the clouds and get back to work.

Why aren’t you studying?

The Accessibility Resources

If you’ve never heard of "Accessibility Resources", it’s probably because you don’t require their services, and this post is not for you. If you want to know more, check out their website. They were formerly known as Student Accessibility Services (SAS), and before that, Specialized Support and Disability Services (SSDS). Yes, it's hard to keep track after three different names in four years.

This post has been written for students in my classes who write their exams under Accessibility Resources' supervision. Specifically, it’s to explain some gaps in their procedures, and how we can work together to ensure that exams run as smoothly as possible for you, for me, and for the rest of the students in the class. It also relates to the reason why Van Halen insisted that there be no brown M&Ms in their dressing room.

The Letter
First, give me your letter. You know the one. The Letter of Accommodation. This introduces you to me, and lets me know that you would like to write your exams with Accessibility Resources. Log in to Clockwork, complete all the required information, and then it will send me an email notification. Or you can give me a paper copy of the letter. Or send me a PDF of the letter. Or send me a link to the PDF of the letter. But you must let me know--as soon as possible, if not sooner. Do not give me your letter a day before an exam. Do not give me your letter a week before an exam. (Accessibility Resources actually requires me to submit exams to them one week in advance.) I've had students write exams at Accessibility Resources without giving me the letter. This is not good. The letter does not tell me what to do. Rather, the letter is your way of asking me if I will permit you to write your exams at Accessibility Resources. (From Accessibility Resources: "Without the letter, the professor can refuse to accommodate the student.")

Once, after I scolded a student about not giving me the letter sooner, they told me "I'm writing the exam at Accessibility Resources because of my ADHD, and my not giving you the letter is a manifestation of that disorder." Wha--? Do not be that person. Do not make excuses. Take responsibility for yourself.

(If you have already registered with Accessibility Resources and it has sent me your letter, thanks!)

The Exams
I send my exams to Accessibility Resources via their secure website, called Clockwork. (I believe I was the first instructor ever to email them exams in PDF format over 17 years ago to help accommodate a vision-impaired student.) After exams are written, I ask that they are returned by the student in a sealed envelope to the Department of Psychology General Office, BS P-217, which is in the Psychology wing of the Biological Sciences Centre. Here’s a map. The person receiving the exam at the General Office will sign a receipt slip. Do not lose this; it’s proof that you returned your exam. It is extremely important in cases of lost (er, misplaced) exams.

When returning your exam, please note that the hours of the Psychology General Office. During Fall/Winter terms, they are open from 8:30 a.m. to 12:00 p.m. and 1:00 p.m. to 4:30 p.m. every business day. If you finish your exam at Accessibility Resources at 11:59 a.m., well, don’t bother running to drop it off--you’ll have to wait until the office reopens after lunch.

What if you finish your exam, but there’s not enough time to return it that day? Say you finish at 3:55. There’s no way to make it to the office by 4:00. In that case, my instructions are for you to return the exam as soon as possible the next business day. (I don’t know if Accessibility Resources allows you to keep the sealed exam in your possession overnight; check with them on that.)

It’s very important for me to get your exam back as soon as possible for a couple of important reasons:

1) I calculate a lot of exam statistics. Really, a lot. If your exam gets to me too late to include with the rest of the class, I have to mark it by hand. That means it’s not included in any of the exam statistics for the class. I don’t like having incomplete data; I want to get the most complete picture of a class’s performance possible--not leaving anyone’s data out. Plus, I hate hand-marking multiple choice exams and am prone to errors, despite my best efforts.

2) I process and post exam results quickly. Very quickly. My goal is to be faster than anyone else on campus. I have, on more than one occasion, posted exam results the same day. To do that, I bring all of the exams to TSQS personally as soon as possible after the exam. However, if students are writing their exams at Accessibility Resources, they are often given extra time. That means I have to wait until you’re done, and have delivered your exam to the General Office so I can include it with the rest of the class. In other words, not only am I waiting on you, but the rest of the class is also waiting for you to deliver your exam.

On more than one occasion, a student has had the exam with them after completing it, but didn’t deliver it to the Psychology Office because it was closed for lunch or closed for the day. Then they forgot about it. Only after several days passed did they remember and drop off the exam. In the meantime, I’m frantically calling Accessibility Resources to find out where the hell your exam is. They don’t have time to search their records for who did or didn’t write an exam, and they get pissy about it if you ask them to do so. Maybe they’re pissy because I’ve asked them “Where the hell is the exam?”

What if you’re sick or something comes up and you don’t write your exam at Accessibility Resources after all? One thing’s for sure: I don’t know about it. Accessibility Resources doesn’t call or email me to say that you didn’t show up. All I know is that I don’t have your exam. This is bad when it comes to midterms, but it’s even worse for final exams. Say you miss a final exam for a legitimate reason. You do what you’re supposed to do: go to your Faculty office and apply for a deferral of the final exam within two working days of the originally scheduled final exam date (NOT the date you write the exam with Accessibility Resources). Great. But in the meantime, I don’t know where the hell your exam is. Do you have it? Does Accessibility Resources still have it? Did you even write it? I don’t know. And I can’t ask Accessibility Resources. (See “pissy” above.) So the pile of final exams from rest the class sits and waits. I would love to process the final grades--students are starting to pester me about why the results haven’t been posted yet--but I can’t, because I’m still waiting for your exam.

(You might be wondering why I don't just go and pick up the exams from the Accessibility Resources exam office myself. I've tried that, several time. One year, I had an impending flight out of the country, so I did not want to rely on students to get the exams back to me. The incident involved multiple exams written at different locations, misplaced exams, and a whole lot of me running back and forth. It did not go well.)

If you do NOT write your exam with Accessibility Resources for any reason (incapacitating illness, severe domestic affliction, religious belief, or you just decided to write it with the rest of the class in the classroom), TELL ME as soon as possible. Email is preferable; this gives me a record that I can refer to, if need be.

If I have sent you an email asking you to read this post, now’s the time for you to send me a reply email acknowledging that you have read and understood this post, and agree to the conditions that I have specified. This is the part that relates to Van Halen. The band wanted a way to ensure that their contract was read all the way through. If there were brown M&Ms, their contract was not read completely. Snopes explains it all. So, if I don't get an email from you, it's like there are brown M&Ms. Thanks.

If I haven’t asked you to read this post, well...

Why aren’t you studying?

(Updated 8/17/2018: updated Accessibility Resources' name.)

The Computer Breach

This post is about a serious breach of computer security that occurred in the last weeks of term last year, affecting thousands of UAlberta users, including me. This post has been created by drawing from numerous sources, including mass emails, news reports, and official blog posts and news releases. There are, however, still unanswered questions that I will explore, and some of the implications of this event.

The Breach
Between November 17 and December 8, 2016, a breach of computer security occurred on the UAlberta North Campus. A forensic analysis determined that 287 computers in 20 classrooms and labs in the Knowledge Commons, CSC, and CCIS had keylogger malware installed on them. This breach was detected on November 22, 2016, and potentially compromised the security of 3,323 passwords belonging to students, staff, and faculty. A further investigation by EPS and the UAlberta IST forensic team determined that another 17 computers were affected, potentially putting another 19 people’s passwords at risk.

The Notifications
A total of 3,304 students, staff, and faculty who had logged into the affected computers during this period were notified of this breach by mass email on November 23, 2016, sent by the Chief Information Security Officer (CISO) of the Office of the Vice-Provost and Associate Vice-President (Information Services and Technology).This message confirmed most of the above information and recommended a course of action that included changing our passwords and monitoring our accounts for suspicious activity. After changing my password, I replied to that email, asking for more information about the malware; I sent the same message again on December 1, 2016 because I did not receive a reply to my first message. I got a reply from the CISO on December 7, 2016 that assured me that no actual information had been obtained due to the workings of the security software (more on this below). The delay in responding was for security reasons, because the investigation was still underway.

So imagine how badly I was freaking out the morning of December 19, 2016, when I wasn’t able to log in to check my email. Or any UAlberta account. My first thought was that the attacked had not only taken my old password, but the keylogger was running on the computer I used to change my password in November. I immediately called IST, where there was an uncharacteristically long delay. The thought, “I have a bad feeling about this” kept racing through my mind. This, however, just turned out to be a mandatory password reset for everyone who had potentially been exposed to the malware; in case you ignored the previous advice to change your password, you were now being forced to change it. Er, no advance warning or anything?

All along, information about this breach was hard to come by. In fact, I’ve gotten much information from articles by CBC Edmonton and the Edmonton Journal, and only rarely from official UAlberta sources. Finally, on January 5, 2017 there was a positive gusher of information sent in an email, as well as posted to the IST blog. I suspect the timing was not a coincidence: the Edmonton Journal had just published an article about the security breach in that day’s newspaper.

The Accused/The Charges
According to news reports, the accused is 19-year-old UAlberta student Yibin Xu. Xu was not named in any official announcements from UAlberta. A search using the UAlberta Directory did not turn up any matching person. Perhaps this student’s status as a student--or, at the very least, their UAlberta computing privileges--were revoked. According to EPS, Xu has been charged with mischief in relation to computer data, unauthorized use of computer services, fraudulently intercepting functions of a computer system and use of a computer system with intent to commit an offence.

Xu was to appear in court on January 10, 2017. I have not been able to find any information about Xu’s plea on this date.

The Protection
UAlberta classroom and lab computers are protected by antimalware software, including Zemana Anti-Keylogger. In the email I received directly from the CISO, there were “blank logger output files resulting from the encrypted inputs” making this incident, technically, a potential breach, not an actual breach. This makes me feel a bit better. However, I have not been able to obtain the name of the malware. Although this might seem like an, er, academic exercise, it’s important for at least three reasons. 1) I want to be sure that all of my anti-malware specifically includes the signature for the malware that I potentially encountered, 2) I would like to know more exactly how the malware works and (more importantly) how it spreads, and 3) whether this was existing malware used by a script kiddie or (much more seriously) custom malware deployed by the accused, specifically tailored to penetrate the UAlberta defences.

The Implications
The last point is important. Why would someone go to 304 different computers, installing keylogger malware on each one? Aside from the time investment required to craft, modify, or at least obtain the malware, how long would take it take to load this software on all those computers? Did Xu have to go to each computer, installing the malware from a thumb drive (which would not require any identifying logon or authentication). Say it takes 30 seconds. That’s a time investment of over 2.5 hours. It’s not clear whether the harvested data would be automatically uploaded, but that’s the most likely scenario. Then, however, you have to sift through all of that data looking for someone logging in. That’s got to take a while, too.

Here are three plausible reasons to go through all this trouble. First, just to prove it could be done. Yeah, malware writers do things for dumb reasons like this; bragging rights. But bypassing commercial anti-malware software doesn’t have to be done on campus, where you’re risking quite a lot for not very much. Thrill of the chase? Maybe, but I doubt it. Virus-writing has come a long way since those early days of macho competition.

Second, a desperate need. You’re failing courses badly. You need some kind of “competitive advantage.” If only you could log into your fellow students’ account, you might be able to steal their lab reports, computing science assignments, and more. While you’re at it, you could also grab some instructors’ credentials. Maybe log in to their accounts at the end of term and...tweak your grades. (Hey, David Lightman did it in War Games!) But isn’t that a lot of work for very little reward and high downside risk? Wouldn’t it be better to spend all that time, say, studying? If you get caught, you’ll be tossed out of university, stuck with a criminal record, and face potential jail time. (If the accused is a foreign student, they may be deported and not welcomed back.)

So that leaves the third possibility: What if the accused is working on behalf of someone else, like a criminal organization or even a nation state? China and Russia are known to have been behind state-sponsored malware attacks. I don’t think I want to know how many criminal groups are happily writing ransomware and other nasty shit--witness recent attacks on Carleton University and the University of Calgary last year.

I’ve been hit by malware before. Once, years ago, my computer contracted the Chernobyl virus, which managed to bypass Norton Internet Security. I actually had to bring my computer in for service to kill that one off--one of the few times I’ve ever had to pay someone to fix my computer. (If I ever see Chen Ing-hau, remind me I owe him a punch in the face.) Another time, my office computer was somehow infected with a rootkit, which took many frustrating hours to remove. Now, I’m armoured to the teeth with firewalls, anti-virus, anti-malware, anti-keylogger software, which do NOT give me any false sense of security. I continue to abide by best practices. But none of us need the worry and hassle of malware on university computers. As far as I’m concerned, they oughta throw to book at Xu.

Lastly, I know I’ve tossed many brickbats IST’s way. They’ve deserved them. But this time, I offer a bouquet: Nice job. Detecting this serious problem in 5 days, and managing to identify the culprit (sorry, accused) means that we at UAlberta don’t end up in the same situation as UCalgary. Because nobody wants to end up like Calgary. (Sorry, couldn’t resist.)

Why aren't you studying?

What I Did on my Christmas Holiday (2016 edition)

I hope you had a good Christmas holiday period! (That's the official UAlberta name for it, by the way.) Campus looks pretty for the holidays. Back when I was a student, there were no decorations like this.

Since you're wondering, here's what I did during the break.
(Why do kids have to get up so early on Christmas day?)

One thing I did over the break was get my car fixed. As I was heading to work for my last office hour of Fall term, I stopped for a yellow light--but the person behind me decided to go through it. Yeah, you can guess what happened. No, no one was hurt (except my poor car). The other person decided to pay for my repairs himself, rather than go through insurance. This can be dicey. I'm glad everything worked out, though. It was good (?) this happened between terms, so I wasn't stuck without a vehicle. The worst part about this? Remember that I was going to work for my last office hour? Guess how many people showed up to my office. Yeah: zero. Ugh. I should have stayed home.
(Crunch!)

Holiday time means I get to spend time with family and friends. My eldest daughter was super excited to see Rogue One: A Star Wars Story. Me, not so much--not after last year's Episode VII. (No, I didn't didn't like much; I felt betrayed by it, as a long-time Star Wars fan. Although it felt repetitive--like watching Episode IV from a parallel universe--I think I know why. The short answer is, well, you have to read Mike Klimo's Star Wars Ring Theory. If J.J. Abrams is clever enough to be extending the ring through this new trilogy, I may change my mind about it. Especially if Rey is both a Kenobi and a Palpatine...). Oh, as for Rogue One? Loved it.

Since my kids were off school, we did some family activities, like sledding:
(No, I didn't actually get on a sled and risk breaking my neck.)

We also made a recipe from a book that I've had since I was a kid: Possum's honey bread:

(Mmm, the smell of fresh bread on a cold winter's day!)

I spent some time catching up with some reading, including Wired DesignLife, a gorgeously designed magazine about gorgeously designed things. Looking at these artistically created products on a screen is nothing like holding the thick glossy pages of a magazine in your hands.
(I still prefer the feel of paper in my hands.)

Break time wasn't all about sleds and breads--I did a lot of work prepping for Winter term courses. I'm going to be trying some new things this term that I hope work out. If not, well, I tried. I don't just want to be doing the same old, same old all the time. I guess it's fitting that I spent much of the end of the year looking ahead to the new one.

Are you glad it's 2017? Many people are. There seemed to be so many lousy things going on (Brexit, the Fort McMurray wildfire, the economy, celebrity deaths, and don't even get me started on Trump. No surprise that so many people couldn't wait for 2016 to be over.

(John Oliver, Last Week Tonight: F*ck 2016)

Let's hope for the best in 2017!

Why aren't you studying?

Find It