Slashdot Mirror
Pinnacle, Online Grades, Skipping School and More
Ishkibble writes "The Matrin County School
Board has a new way of post a student's
grades online for a parent to check. Pinnacle is the name of the
program, a simple java applet. Not only does Pinnacle log student's grades, but
also attendance and conduct. The way grades are accessed are by inputting the
first 6 digits of your social security number and the first 5 letters of your
last name. With a logon system as simple as this, one has to question the
security and privacy of the students. This has been making my life a living
hell for the past 2 months, every night my parents go on and check to see if i have any homework and won't let me do anything till it's done"
So, the only way your parents wouldn't be able to check up on you would be if, say, the site gets Slashdotted? :)
Nipok Nek
Why choose white shoes?
I agree that the security of the system is lacking and probably wouldn't take a lot of effort to circumvent.
However, as a parent, having access to my child's progress in school without continually bugging all 7 teachers is an excellent idea. It gives me an opportunity to see if he needs help without waiting 9 weeks. (Mind you, he has NO problem with asking for help when he needs it.)
You indicate that your parents are putting you through hell daily to make sure you've done your homework -- is this an indication that you've had problems getting it done in the past? Maybe if the HW is finished before the fun is started, they might lighten up a bit in the future.
-- Rick
Well, the authentication mechanism does seem unsecure - that is something the school needs to work on, or they're just setting themselves up for a lawsuit if it's used in an inappropriate way.
But... You complain that your parents find out what happens to you at school? That your legal guardians can find out if you try to deceive them and not do schoolwork? Hear - methinks it's the worlds smallest violin playing the worlds saddest song...
How about actually attending school and doing the homework?
Trust the Computer. The Computer is your friend.
Crack it once and turn them in on a FERPA violation.... (FERPA == Family Education Rights and Privacy Act, http://www.ed.gov/offices/OM/fpco/ferpa/)
I work in a Community College and everything we do with student online statistics and information has to follow FERPA security guidelines.
I think we'd all enjoy a nice cold beverage. -David Letterman
I a Customer who uses this *thing*. It has a Win32 "thick client" that back-ends into a Sybase SQL Anywhere database, and this Java client to allow external users to access the database. The dumb thing uses its own security database, so now when we add new teachers to the district-wide LDAP single-sign-on system, we also have to go manually add them to the "Pinnacle" database.
The company that installed it into my Customer site encouraged teachers to use *hard* to guess passwords like their first names. Further, anybody with an ODBC driver for Sybase SQL Anywhere can just "connect" to the back-end database and "go at it". Couple this with the *rancid* filesystem permissions that the installer put on it ("Oh-- why is is a problem that any user can write to the directory where the "thick client" EXE is installed... Ho, hum."), and you've got a recipe for disaster...
Oh, to be young again...
Oh, by the way son, until today, I didn't know that you posted on
testing out my trending skills
This thing is crying out to be hacked.
True story: when I was in High School, an automated phone service was instigated, in which if you skipped class a computer would automatically call home and inform on you. Well, I had better things to do than go to class Every Single Day, and I sure didn't want to wait around in the evening just to be the one that picked up the phone.
So, once I got the call, I taped it; then, using an acquired phone list of the students, randomly, and at a late hour, called and played this message back. Parents were furious that the school was calling them so late; students were pissed that they were getting calls when they had attended; the credibility of the system was shot to shit. So whenever someone actually skipped, they would just report that it must've been the Mad Phone Prankster and that the call wasn't legitimate. A $30K computer system shut down with $1 worth of Memorex.
Yeah Dawgs! Garfield Class of '88.
--
$tar -xvf
1. You should show up to school, it is your parents responsibility to ensure you do.
2. You should do your homework, again your parents should make sure you do.
3. You should have some privacy, and your parents should let you have it. However if you aren't trustworthy enough to do your homework and go to school, you deserve what you get.
4. The risk of use of this system by unauthorized persons is unacceptable.
This is an arguement of privacy vs responsible supervision, like having the "internet computer" facing back into the room to watch what your kids are doing.
I'd be willing ot bet that if you always show up for school, and always do your homework (or at least get near perfect grades). Your parents won't bother checking up on you.
Otherwise wait till you're 18, then bitch out any school that releases personal information without your consent.
No computer system should *ever* use SSN's as the user name or password. The ubiquitous presence and use of SSN's for such purposes are one of the main reasons identity theft is going rampant these days.
Instead, they should let every parent create their own pair of user name and password that can't directly be linked back to either student or parent (well, unless they chose to use their real names, of course). That's, for example, how Washington Mutual is handling their online banking service.
On a slightly unrelated note, how is this supposed to work in school districts that by law have to give access to illegal immigrants who by their very nature have no SSN? There are quite a few places, namely in California, where the law says that schools can't ask for citizenship or immigration status and have to accept children regardless of that.
"Light is faster than sound." - "Is that why people tend to look bright until you hear them speak?"
RRRRRight. The point of homework is to make sure that you understand the material. Now, granted, there are teachers who will excessive/nonsensical/boring homework which will achieve the exact opposite. But for some of my classes, I'm glad I have some homework so I got something to test on before the real test. This might become more of an issue in college though where there is considerably less time and opportunity to cover everything in class.
As to the not getting paid thing, if a teacher puts efforts into giving good homework, he or she will probably also assign grades to how well you did on it. Those grades are what you get paid with in school.
"Light is faster than sound." - "Is that why people tend to look bright until you hear them speak?"
This has been making my life a living hell for the past 2 months, every night my parents go on and check to see if i have any homework and won't let me do anything till it's done
No offense to anyone, but how is Slashdot supposed to have credibility on "adult" issues like security, intellectual property, and technology when a story has some kid whining about his parents not letting him out to play until his homework is done?
I think it's pretty pathetic and this kid is pretty pathetic, too. When I was kid before computers, you didn't get to play outside until your homework was done, either. Mom and dad checked the assignments, grades, etc frequently to make sure you weren't fucking up.
If grades came back low at the end of the semester for anything but gym, freedoms were further curtailed until they went back up. If they went up and stayed up, greater freedoms were granted.
I'm glad they did this because -- *gasp* -- that's a lot how the real world works, except that nobody pays as much attention along the way, it all comes down to the the final exam.