undefined | Better HN

0 pointsSoftTalker2d ago0 comments

So many universities used to run homegrown or on-prem student systems. This is the downside of consolidating in the cloud. If the infrastructure is compromised, it affects everyone, not just isolated or single installations. I wonder how they are feeling about that decision now? I guess they can say "not our fault" so they might be feeling better than if it was a vulnerability in their own system.

0 comments

dylan6042d ago

Yeah, if they had spent the time and money to roll their own that got hacked, they'd be responsible. Now, they can just clap their hands and show them palms up to you like a black jack dealer and walk away from the table with no responsibility. Probably one of the biggest benefits of using a product instead of building your own.

kelnos2d ago

It's annoying that this is how internal politics usually works. Decision-makers at an org should be considered just as responsible when a third-party choice goes bad as when an internal tool goes bad.

zephyreon2d ago

You’d think this is how it works but universities and schools will still end up holding the bag at the end of the day, irrespective of who is responsible.

crazygringo2d ago

If an exploit is found in the software, hackers will often be able to attack hundreds of separate institutional installations in an automated way just as easily. And depending on the exploit, potentially more easily if on-prem admins fail to take all recommended security steps.

I'm actually much more interested if there is any financial liability for Instructure here? It's interesting that it's the universities being ransomed, while the technical failure was Instructure's. We're used to uptime SLA's -- what about security breach SLA's?

harikb2d ago

> It's interesting that it's the universities being ransomed, while the technical failure was Instructure's.

My guess would be they get likelihood of getting paid when blackmailing 9,000 schools (at least a few would pay up) than blackmailing Canvas/Instructure.

I don't think any SLA/terms would change who gets to feel the pain.

poopmonster2d ago

My guess is that they believe by maximizing their attack coverage, the odds are greatest that some of the institutions will pay up. And otherwise, they can still make a bit of money by selling the data.

Don't ransom all your eggs in one basket

walrus012d ago

Running on prem or homegrown systems used to be considered a core competency of having a computer science department and a campus-wide IT/networking staff at a university. In the environment that exists today in academia, for instance, BSD would never be created because somebody could just pay a third party external vendor for some packaged product. What happened in the past 20 years to change that? I really wonder.

chii1d ago

But you don't extend that same argument for an agricultural research department by asking them to have a homegrown farm for supplying the university with food!

I dont think a competent CS department requires their being a homegrown or on-prem system for use in the university. That could happen, but if resources could be better spent by purchasing rather than building, then that should be the correct choice.

walrus011d ago

Well, even in the mid 80s for example when many universities and their CS departments were heavily into DIY in house software development, none of them were expected to write all of the software used by all of the university. Ordinary workstation platforms were still purchasing MS-DOS 3.3 licenses with their hardware or Mac OS with their macs, etc. And things like Microsoft Office, Wordperfect.

Universities which do have large agriculture/farming related departments often operate their own small scale test/development/experimental farm.

frollogaston2d ago

It's still more secure this way, especially with AI hacking making it harder to rely on obscurity.

Also yeah there is value in being able to blame another party, and also being down when everyone else is down.

motorpixel2d ago

Is there a good self-hostable FOSS version of Canvas/Blackboard?

ktkaufman2d ago

Canvas is open-source and can be self-hosted.

m4lvin1d ago

As Wikipedia says, "some official plugins proprietary". So "can be" is doing a lot of work in that sentence. I would at most compare it to saying that VS Code is open-source.

zipy1241d ago

Moodle?

j / k navigate · click thread line to collapse