Using the left side of the TW in centerlized theme

[Atul Grover]

Dear all,

I would like to include a QR code with my students details on the left side (in the centralized theme). This would ensure that the TW remains linked to each student.
They will not be able to make copies of their TWs/share/copy-paste etc. How can I do so?

Regards
Atul Grover

[Danielo Rodríguez]

Hello,

First of all, where do you want the QR to be included? On each tiddler, at a fixed position?

Anyway, what would avoid your students from coping the content of the tiddlers?

[PMario]

On Wednesday, October 29, 2014 11:30:34 AM UTC+1, Atul Grover wrote:

I would like to include a QR code with my students details on the left side (in the centralized theme).

TL;DR I don't think this solves your problem. Even if your students, don't have programming skills.

They are probably young. They are smart. They have friends, with programming skills.
If they are young, they want to have fun.  .... So they _will_ find a way to trick you!

This would ensure that the TW remains linked to each student.

No.
 

They will not be able to make copies of their TWs/share/copy-paste etc.

They will, and it's easy.
 

How can I do so?

This is an interesting problem. I was thinking about it several times already.
But first let me be sure, that my imagination of your usecase is similar to your usecase :)

---------------

If I understand your usecase right:

- Your Students should be able to use TW as there Notebook.

- Your Students should be able to create there assignments / tests / questionnaires with TW, and send them back to you.
  - Based on the TW content you want to grade the content (and the student)
  - You want to be sure, that you can link a TW / tiddler to a student without of doubt.

- You want to be able to make notes and give them back to the students.
  - You want to make sure, that your notes can't be changed, without you noticing it afterwards.
     - I'm sure your students won't change your notes but just to be sure they can't, without you seeing it.

- You need a way to connect the content / every tiddler to a specific student.

- You need a way to connect the content / tiddlers to you, so your assignments / notes / questionnaires can't be changed.

- Sharing a whole TW and just changing the modifier / creator name should not be possible, without you seeing it.

- Since copy / pasting / export / import / can't be prevented, so you want to know, if 2 texts are the same, or very similar.

.... something missing :)

----------------

Some TW basics:

Tiddlywiki itself is a single html file. Html is plain text. So with every text editor you can open and modify it.
So even if you would change the TW UI and hide buttons, tags, what not ... Your students will find a way to trick you :)

This "hiding mechanism" has a name: "security by obscurity" [1] ... and it is "no protection" here (and it never is), because TW is open source.
Everything is open, transparent and can be easily changed.

If your class is IT, javascript, html or css related, imo this would have a great learning effect.
And imo it would be fun, to see who is smart enough to trick you. ... But that's probably not what you want :)

---------------

The possible mechanisms:

If you want to avoid, that users can copy paste content from one TW to an other, without you recognizing it, you'll need a secure signing method.

The main problem here is, that from a security point of view, as soon as you send out your TWs, the whole system is evil and against you.
You can't trust it (from a security point of view.)

mechanism A)
So you need an "end to end" signing method, where both ends is you :)
Your signing method has to be invulnerable against a "man in the middle" attack [3].
So you can be sure, that your content is yours and the initial students TW isn't manipulated.

mechanism B)
You need a signing method for your students, that lets them proof that they did create the content.
This signing method needs to be invulnerable against A) too.

C)
Importing tiddlers from an other TW needs to break the signature.

So students can't share whole TWs, because the TW is bound to a student.
They can't use TWs export / import / drag and drop functions, because this will break the signature.

D)
IMO the most complicated one.
You need to detect if 2 texts are similar enough, that they could have been shared and modified, to look different.

Machines and algorithms are already very good at this. But it would need a huge backend..
So for this point you'll need your experience as a teacher. ... Teachers are quite good at it too :)


I think A) B) C) can be implemented in way that is (almost) completely in the background.

Every user needs a "personalized" TW. So there will be some administration overhead. But this is the same, as with your initial proposal.


What we can achieve:

Imo it would be possible to create a system, where the only way to copy content is:
 - Manual transcription from one TW to the other one. ... But see "manual" ..
     - So if computers are involved it should break the signature.
 - Manual copy / paste content and modify it in a way, that it looks different. see: D)
     - But this is the same amount of work, if you use paper for your assignments.
     - So TW is as strong as paper here :)

------------------

Some more signing basics:

The built in TW encryption doesn't work. Since it is intended for a completely different usecase.

The second idea would be a "public" / "private" key signing method [2] for A) and B).

but ...

IMO a "public" / "private" key system _can't_ be used here. Since it depends on the "private" key to be secret.
So for method A) it may work, but imo is not practical because of the needed overhead.

A student (method B), that wants to borrow TW content, doesn't care about the secure key.
They'll give there private key to the one, that has made the assignment, so they can sign the content with the "evil users" key and you can't see this manipulation.

-------------

The mechanism I have in mind is based on "Visual Cryptography" and some "hashing",
which makes it possible, that you can immediately "see" if something is manipulated.

It should be possible to use the existing core encryption library, plus a new plugin for the "visual crypto" stuff.


!!  Important: This is not a promise, that I'll implement it. !!

It's brainstorming what imo will be needed, to be allowed to base a students grade on TW content.
And for students it would be possible to proof, that they did the manual work to create the content.

have fun!
-mario

[1] http://en.wikipedia.org/wiki/Security_through_obscurity
[2] http://en.wikipedia.org/wiki/Public-key_cryptography
[3] http://en.wikipedia.org/wiki/Man-in-the-middle_attack

[Atul Grover]

I hope I am right in assuming that

1. The QR code once imported into TW5 shall get converted into illegible data which the students will not change from backend.
(We may not need to encrypt the QR code?)
2. The QR code once attached to any fixed corner of the sheet shall link the specific sheet to specific student.
(Which although can be read from any reader, but can only be made using some special application?)
3. This sheet not being a test paper (or something on which their lives depend), most students will not be motivated enough to learn the technology.
(Smart tech students are not my target audience anyway)

My only endeavor is for them to take to any smart tech guy who simply clones the html files & teaches them how to submit as their own.
(something is better than nothing)
I am OK with them copying the tiddlers from each other, since it is a part of my pedagogy (peer2peer/collaborative).

Regards

[Atul Grover]

Thanks

@Mario your explanation is very comprehensive. I look forward to your implementation.
@Danielo my pedagogy allows for copying the content from others tiddlers. Just that they should not copy/rename a file as their own.

Regards

[PMario]

On Wednesday, October 29, 2014 3:58:03 PM UTC+1, Atul Grover wrote:

1. The QR code once imported into TW5 shall get converted into illegible data which the students will not change from backend.
(We may not need to encrypt the QR code?)

As I wrote "security by obscurity" doesn't work.
It may work till, the first time you catch someone, because you know, they cheated. After that, they will be warned and find out how you know.
Then the race begins. ...

2. The QR code once attached to any fixed corner of the sheet shall link the specific sheet to specific student.
(Which although can be read from any reader, but can only be made using some special application?)

QR code has a standard format. That's why any reader can read it. ... You don't need any special application to create it.
You'll find a dozen of them online and for free, if you do a google search. eg: http://goqr.me/de/  I needed 35 seconds (including writing this text) and used the first link google showed me.

Again :) "hiding" information imo is a "non solution"
 

3. This sheet not being a test paper (or something on which their lives depend), most students will not be motivated enough to learn the technology.
(Smart tech students are not my target audience anyway)

Tricking the teacher is motivation enough.  At least, for me, it would be :)

My only endeavor is for them to take to any smart tech guy who simply clones the html files & teaches them how to submit as their own.

No smart guy needed, TW will do the job, in the future :)

(something is better than nothing)

nope.
IMO because it won't be worth the effort. So nobody should implement it.
Because not playing the game is the biggest win. See tick / tack / toe [1]

So imo investing the energy differently would be more productive.

 

I am OK with them copying the tiddlers from each other, since it is a part of my pedagogy (peer2peer/collaborative).

OK. good choice.

----

TiddlyWiki will get much better export / import UIs, because we need it.

... So in the future there will be no need for a techy, to clone the html file and create a new QR code.
TiddlyWiki UI will provide everything they need to import content from each other.
It will / should be a matter of seconds to transfer huge sets of tiddlers from one TW to the other.
Touching TW + the QR code won't be necessary.

--------------------------

@Mario your explanation is very comprehensive. I look forward to your implementation.

:))

I wrote: !!  Important: This is __not__ a promise, that I'll implement it. !!  It's brainstorming.

--------------------------

A completely different question. What kind of content do they produce??
May be there is a different way to identify cloning.


-mario

[1] http://en.wikipedia.org/wiki/Tic-tac-toe

[Atul Grover]

Hi everyone,
I guess the best security that can be achieved in TW5 is via security-through-obscurity.
But in the upcoming releases of TW5 especially with the extended-export- functionality, even this shall not remain so.

So lets say that I am OK with security through obscurity and want to implement it in good earnest, which means that although I cannot stop anyone from opening a text editor and doing whatever, however, I can hide the export functionality other buttons the frond end UI (aka read-only theme).

But students can still import a $:/theme tiddler, or easier still, throw the read only wiki into upgrader and get assess to all the hidden functionality.

There should atleast be a plugin to make a tw5 non-upgradable. The students can take the long route but not a shortcut (something is better than nothing).

Please suggest
Regards
Atul

[Danielo Rodríguez]

What about using a plugin that stores tiddlers in a specific format? For example,binary. Then yo should modify the edit template to show the content through your plugin /widget that knows how to decode the content. That way,if someone opens the wiki with a text editor the content will be a mess. Then you can obfuscate the code of that widget. To twist things even more you can make the widget to encode the content with an unique key per student,so they can not drag and drop between wikis.

[Atul Grover]

Danielo,

Great one!!!, Now, that is what I wanted to say.
Is there any plugin/widget our there, of this sort?

Atul

[Richard Smith]

Hi @PMario,

"It's brainstorming what imo will be needed, to be allowed to base a students grade on TW content. 
And for students it would be possible to proof, that they did the manual work to create the content. "

This sounds interesting. I have also been thinking about things like this, from my technically limited perspective. I also agree with you that, basically, there will always be a way to 'trick the teacher' - which is no bad thing at all. Also, in general, I think there is always a way to beat DRM measures and such things, when the motivation exists.

Nevertheless, I imagine a system one day in which a student's learning - and the activities they undertake as part of their learning is all 'logged' in real-time against a server (have you heard of the Tin-Can API?). It'll be as if the teacher could watch all the students all the time, which I know sounds creepy, but it won't be because the whole relationship of teachers to students will change when they no longer have to administer testing. A radical idea? But if 'the system' knows about everything that a student does and learns, in real time, why would there be any need to sit tests or exams? Would the students be able to cheat? meh - it would become irrelevant because there would be no tests to cheat on and no incentive for anybody to 'pretend' they had learned anything they hadn't. Pretty futuristic stuff, of course, but maybe the future is not so far away?

@Atul

I'm really pleased that you are using TW with your students, I think it's an amazing brain-expanding tool for them to play with, but I smiled when I read;

"most students will not be motivated enough to learn the technology."

In my (hard earned) experience of such things, it's only necessary for one of them to figure it out and therein lies all the motivation necessary, because the one who does will be a hero. Maybe you have nice, honest students, but I have found the temptation is great in teenagers. At several of the schools I have worked at I have come across students who had so much access to the school computer network without anyone knowing, it was hilarious - I mean they could literally change their own grades, write their own reports etc. and cause all kinds of havoc for the admins. Of course, I made them swear to only ever use their powers for good :) The problem with trying to outsmart kids is they're very smart!

[PMario]

A little bit off topic.

On Saturday, November 1, 2014 1:26:06 AM UTC+1, Richard Smith wrote:

Nevertheless, I imagine a system one day in which a student's learning - and the activities they undertake as part of their learning is all 'logged' in real-time against a server

 

(have you heard of the Tin-Can API?).

No I didn't, but I did a little research. The concept is interesting, but imo the most interesting part the "question answering machine" = the server side backend seems to be closed source. At least I didn't find any open source repositories.
 

It'll be as if the teacher could watch all the students all the time, which I know sounds creepy, but it won't be because the whole relationship of teachers to students will change when they no longer have to administer testing. A radical idea?

The idea, to watch all students all the time, reads a little bit like "1984" to me. Exploring new ways to change existing educational systems imo is good. Collecting data about
learning "progress" is good, if both sides, students and teachers, have _equal_ access to it. ... But systems like this produce very much data. Much more as any human (t
Teacher) can process. So we will need machines to evaluate the data. ... But as soon as we try to let machines "judge" about humans, we are doomed.

On the other hand.

The idea about a different relationship between student and teacher is interesting and imo has potential. If both sides use the tools "as tools" to check the actual status, to see what can be improved, we are fine. eg: The teacher sees, that a student should also read "a different type of book", to broaden his/her view and suggests it. OK. ...

But if 'the system' knows about everything that a student does and learns, in real time, why would there be any need to sit tests or exams?

IMO centralised storage, protecting and misusing private data is the problem here. I like the idea of TiddlyWiki very much, that "you own your data".

 

Would the students be able to cheat? meh - it would become irrelevant because there would be no tests to cheat on and no incentive for anybody to 'pretend' they had learned anything they hadn't. Pretty futuristic stuff, of course, but maybe the future is not so far away?

I think the problem is, how can we measure, if someone has learned something.

Let's say, that our tin-can tool records, that I did read all pages of George Orwells novel 1984. Can we say, that I understand the implications of a system described there. ... Or was it just the cat, that changed pages while sleeping on the keyboard. (BTW: I was at the pub, having fun :)

... IMO it can't be done by machines. A student presentation about the topic, or better,
personal communication between the student and teacher about a specific topic has to tell us.


just my 2 cents.

have fun!
mario

[Atul Grover]

@mario

Jeremy saw the tin-can repository in one of the hangouts and said that the TIN-CAN integration was possible/easy.
The last I heard was that TIN-CAN was open-source. I'll do some more research.

Irrespective of 1984 type feeling, TIN-CAN is imperative if we want to make tw5 a serious contender in education.

Lets give this integration our best shot.

Regards

--
You received this message because you are subscribed to a topic in the Google Groups "TiddlyWiki" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/tiddlywiki/uUxcfjBWdRE/unsubscribe.
To unsubscribe from this group and all its topics, send an email to tiddlywiki+...@googlegroups.com.
To post to this group, send email to tiddl...@googlegroups.com.
Visit this group at http://groups.google.com/group/tiddlywiki.
For more options, visit https://groups.google.com/d/optout.

[Mat]

I have read you question but only skimmed the answers in this thread fo FWIW, here's maybe a seed for a different route:

Maybe the node.js version of TW5 would allow for tiddlers to be stored in different locations. If this is the case, you could perhaps set different permissions for different locations, such as "read only".

There is also the setup used in tiddlyspace (and tiddlyweb, I guess) where you can *include* another space (i.e other tiddlywikis). For instance if space A is included in space B, then changes in A are reflected in B but not in the other direction. If B makes a change to an included tiddler, this only cretes a copy that is changed.

This would also let A broadcast messages to all spaces it is included in.

I've seen exam systems where the students get a web based questionnaire and they all have the same questions but they get individual parameter values. Depending on the type of tests you do, maybe this could be used to prevent copying. You could perhaps use some kind of iframe to show it via TW but that won't make it fully integrated of course.

<:-)

On Wednesday, October 29, 2014 11:30:34 AM UTC+1, Atul Grover wrote:

[Richard Smith]

A little bit off topic.

Agreed. Apologies.

 

the server side backend seems to be closed source. At least I didn't find any open source repositories.

Tin-Can is an open reference standard. Although I don't have much experience of such things, I don't think it is too difficult to implement as it is basically just a restful json service. All of the current implementations are probably proprietary to the various bif platforms.

The idea, to watch all students all the time, reads a little bit like "1984" to me. 

Yes. I know what you mean. But the implication behind such dystopian ideas has always been that 'the system' would remain a hierarchy with a central point of administration but I think the reality will be a distributed 'flat' system over which everybody has equal influence.

The idea about a different relationship between student and teacher is interesting and imo has potential. If both sides use the tools "as tools" to check the actual status, to see what can be improved, we are fine. eg: The teacher sees, that a student should also read "a different type of book", to broaden his/her view and suggests it. OK. ...

IMO centralised storage, protecting and misusing private data is the problem here. I like the idea of TiddlyWiki very much, that "you own your data".

The notion I have is of creating a system in which every individual owns their own record and shares it with whoever they choose. The idea is to implement the Tin-Can API so that when the student is, for example, completing exercises in a TW-like personal document, they will choose where to have that doc 'report' to - which may be to their personal store as well as to the school's store. The same student may also, say, take swimming lessons and those results will be fed back to the personal store and to the store of the swimming team, but not to the school. One could take night-classes in embalming and keep it separate from other activities.

The data in the store has to be protected with 'blockchain' level authentication.

 

 

Would the students be able to cheat? meh - it would become irrelevant because there would be no tests to cheat on and no incentive for anybody to 'pretend' they had learned anything they hadn't. Pretty futuristic stuff, of course, but maybe the future is not so far away?

I think the problem is, how can we measure, if someone has learned something.

By the fact that they can DO something.

 

Let's say, that our tin-can tool records, that I did read all pages of George Orwells novel 1984. Can we say, that I understand the implications of a system described there. ... Or was it just the cat, that changed pages while sleeping on the keyboard. (BTW: I was at the pub, having fun :)

The whole incentive to have someone else do your work for you would be gone if there were no tests to pass. There would literally be no incentive to pretend a higher level of proficiency in anything than you actually had because it would come to light later. If the system mistakenly records that you read all of 1984 and then three days later it gives you a random test and you don't get any answers right, it would realise something had gone awry. The information 'Mario read the book' isn't useful or interesting to anyone in isolation, but only as part of a huge picture which emerges of Mario as a learner and that information is primarily of use only to Mario (the system may recommend that next time, he does his reading earlier in the day!)

 

... IMO it can't be done by machines. A student presentation about the topic, or better,
personal communication between the student and teacher about a specific topic has to tell us.

I am not suggesting that everything can be done by machines. What I imagine -although I realise that this will terrify most of the teaching workforce (many of who deserve it) - is that teaching, like all jobs, will involve more and more truly human skills - listening, empathy, encouragement - and much less of the machine work that it currently involves. eg; Instead of reading 50 essays every week to check for grammar and spelling errors, teachers will be freer to form meaningful relationships and have in depth discussions about narrative structure and the elements of persuasion etc.

Currently teachers do basically three things: they instruct, they coach and they assess. We're going to automatise most of instruction and assessment because we can and so, generally, the job of teaching will be increasingly about coaching - a task which can only be done by a real human being. This is a very good thing because it will put the teachers unambiguously on the side of the learners (instead of also having to be the 'judge').

The way the Tin-Can API can potentially ameliorate the problem of cheating (under current use-cases, not futuristic fantasies) is by effectively time-stamping interactions of the students' with their TiddlyWikis, making it much harder to copy work.

As an aside, another good way to prevent cheating is to give each student a different exercise - although this is often not practical and can generate significant extra work when it comes to grading!

@Atul

"Irrespective of 1984 type feeling, TIN-CAN is imperative if we want to make tw5 a serious contender in education.

Lets give this integration our best shot."

I agree with this and am pleased that others are interested in the potential. I will do some more digging when I have chance. You don't happen to remember WHICH hangout Jeremy discussed Tin-Can in, do you?

Regards,

Richard

[PMario]

On Monday, November 3, 2014 1:32:42 AM UTC+1, Richard Smith wrote:

A little bit off topic.

Agreed. Apologies.

I wanted to mark my post. Not yours :)
 

the server side backend seems to be closed source. At least I didn't find any open source repositories.

Tin-Can is an open reference standard. Although I don't have much experience of such things, I don't think it is too difficult to implement as it is basically just a restful json service. All of the current implementations are probably proprietary to the various bif platforms.

I have found some "client side" open source repositories already. So it should be relatively straight forward to send "learning records" to a backend. ...

My point is, that the interesting stuff goes on, on the server. It has all the data, and creates the statements about a students progress, or the lack thereof. The backend mechanisms seem to be proprietary and the services I've seen are very expensive. 

The notion I have is of creating a system in which every individual owns their own record and shares it with whoever they choose. The idea is to implement the Tin-Can API so that when the student is, for example, completing exercises in a TW-like personal document, they will choose where to have that doc 'report' to - which may be to their personal store as well as to the school's store. The same student may also, say, take swimming lessons and those results will be fed back to the personal store and to the store of the swimming team, but not to the school. One could take night-classes in embalming and keep it separate from other activities.

I see.
I like the ideas. ... But what if you need a 3rd party that stores your records and charges you 10th of thousands of dollars for that? So if I can't own my backend, there's something wrong in the system.

I'd need to do more research, if there are open source backends.

Anyone out there?

The data in the store has to be protected with 'blockchain' level authentication.

A blockchain [1] as I understand it, can be used to verify the ownership of data but not protect it against access.

But we are back on topic now: If a tiddlywiki uses blockchain signing on the tiddler level, we have a possibility to verify, who did create a tiddler, a set of tiddlers or the whole TW. But imo we will need a backend, that does the crypto work ... On the other hand there will be some very interesting possibilities.
 

 I think the problem is, how can we measure, if someone has learned something.

By the fact that they can DO something.

ok :)
 

I am not suggesting that everything can be done by machines. What I imagine -although I realise that this will terrify most of the teaching workforce (many of who deserve it) - is that teaching, like all jobs, will involve more and more truly human skills - listening, empathy, encouragement - and much less of the machine work that it currently involves. eg; Instead of reading 50 essays every week to check for grammar and spelling errors, teachers will be freer to form meaningful relationships and have in depth discussions about narrative structure and the elements of persuasion etc.

Currently teachers do basically three things: they instruct, they coach and they assess. We're going to automatise most of instruction and assessment because we can and so, generally, the job of teaching will be increasingly about coaching - a task which can only be done by a real human being. This is a very good thing because it will put the teachers unambiguously on the side of the learners (instead of also having to be the 'judge').

The way the Tin-Can API can potentially ameliorate the problem of cheating (under current use-cases, not futuristic fantasies) is by effectively time-stamping interactions of the students' with their TiddlyWikis, making it much harder to copy work.

As an aside, another good way to prevent cheating is to give each student a different exercise - although this is often not practical and can generate significant extra work when it comes to grading!

Ageed.

-mario

[1] http://en.wikipedia.org/wiki/Bitcoin#The_block_chain