- Search & Find
- Use the Library
- Research Support
- Course Support
I recently started taking my first online course. In the course, one must work on projects with other students. Members of our work group are not always online at the same time. The level of communication and coordination needed is vastly greater than would be if a group gathered to work together in person.
The similarities between working on a software project with a geographically dispersed team are obvious.
Ken Haycock’s talk on working in teams is a tour de force. It includes strategies for clarifying goals, dealing with the stages of team growth, and navigating dysfunctions.
It takes a great deal of tact and care to deal with conflict in person. It takes much more tact and care to navigate troubled waters in a project online.
For me, Haycock pulled together everything I had learned about teams and more into one 50 minute talk. The most salient point for me was when he described the student in the team who did all the work, and, as it was being turned in, said “… and of course, I did all the work”.
Haycock describes how one might almost want to say in reply “Well, more fool you!” The importance of negotiating standards at the start was the point he was making. Unstated performance expectations must be brought to the fore. If someone wants to get an A+, someone else is ok with a B-, and they make it clear from the start, then a source of tension is resolved before it gets too late to do anything about it. To work in a team is to have everyone contribute fairly, and to get the benefit of the combined wisdom and experience of the group.
Haycock also talks about conflict in teams. Conflict, unfortunately, seems to be an integral part of becoming a team that performs well. It’s the storming of the forming, storming, norming and performing stages of team development. Yet conflict is all the more difficult to deal with when you can’t see the non-verbal cues of the participants.
In her talk, The Monster Inside Library School: Student Teams, Enid Irwin talks about her survey on the worries that online students have. These worries include having nothing to offer, getting things wrong, others taking control, and others not contributing fairly.
Such worries can stem from a perceived lack of control of time and grades, and a lack of enthusiasm or trust for teamwork. Such feelings on the part of everyone can have a negative feedback effect. The antidote? Enthusiasm!
The point is to gain experience working in teams in a world where cross-functional geographically-dispersed teamwork is more important than ever. Irwin talks about how a good attitude can make a team a success. Staying silent or stubborn, on the other hand, can be disastrous.
Irwin’s talk highlights the importance of engaged participation. She discusses the different types of teamwork and characterizes what success would look like for each:
To perform well and achieve success for their team, team members must first of all bring a positive attitude and participate!
It won’t be easy to put in practice all the good advice distilled in the resources above, but a dedication to participation and an eagerness to meet the challenge will go a long way toward doing so. I look forward to learning more in practice, for that is what it takes: practice.
The UCSF Library has now given our citation management subject guide a complete overhaul, taking into account new developments in this area and the increasing popularity of applications such as Mendeley and Papers. A new section helps you decide which application is best for you. Though intended primarily for UCSF affiliates most users will find useful information here.
No doubt you’ve heard about the Heartbleed bug affecting countless websites and devices over the past week. Reports of the bug are many, yet information about how it works and what you can do to protect yourself can be difficult to extract from the widespread media response. Here we’ll take a brief look at what Heartbleed is, how it works, and what you can do.Not a virus, not a breach… so what’s in a bug?
Some of the confusion around Heartbleed is related to the semantics of computer security. If you have owned a personal computer in the last decade, you’re likely familiar with computer viruses that affect your computer’s performance by embedding themselves in your device’s Operating System (i.e. Windows, OSX, etc.) Major data breaches have also made it to the front page of news outlets more frequently in recent years as hackers target user information stored online. In December 2013, Target announced a breach where millions of credit card numbers were stolen. Sony had a similar breach back in April of 2011 where over 77 million accounts were compromised.
Heartbleed is neither a virus, nor a major breach. Unlike a virus, there was no software written with malicious intent. And yet, unlike a major breach, this was not a planned, organized effort to gain access to information. It is actually a flawed piece of code in OpenSSL.
SSL stands for Secure Sockets Layer, a computing protocol designed to encrypt and protect information. This technology was developed so that information could be sent and received privately, without tampering. OpenSSL is just one implementation of the SSL technology, and it can be used to protect data transmission on websites, email servers, chat servers, virtual private networks (VPNs), and more. You may notice a lock icon (see image to right) followed by https:// in your web browser’s address bar when you visit an encrypted website. The s is short for secure and these both signify that the connection is encrypted. Not all websites use encryption, and not all websites employ OpenSSL to achieve encryption. Still, roughly half a million websites use the OpenSSL version that is vulnerable to the Heartbleed bug according to Netcraft’s April 2014 Web Server Survey.What’s the danger?
So where exactly does this vulnerability occur in OpenSSL? That is as humorous as it is terrifying. Here’s the vulnerable code: “memcpy(bp, pl, payload);”
Did you catch that? Let’s look a little closer.Heartbeat to heartbleed
Heartbeat is a term used to describe a connection check done between a server and a client. For context, imagine you are connecting to a server (i.e. a website). The client (you!) will send a heartbeat message to the website, and the website will send it back to you. This response notifies the client (again, that’s you) that the connection is still open and functional. The heartbeat message is useful because it prevents data from being transmitted when the connection is lost, and unnecessary connections can be closed.
If you look again at the vulnerable code “memcpy(bp, pl, payload,)” that’s the heartbeat. The payload part of that code can be manipulated to ask servers for extra information (e.g. usernames, passwords, and other information that was supposed to stay encrypted.) That means a hacker could use the common heartbeat function with a website you’ve visited in the past and exploit the Heartbleed bug to pull back extra data — data that could contain your sensitive information!
It is recommended that you change your password on affected sites after they have been patched. Changing your password does not address the underlying vulnerability, so be sure websites have implemented the fix before you make the change.
Mashable has compiled a useful “hit list” of popular sites where you can verify whether or not you should change your password. Additionally, LastPass has created a tool where you can input a website URL for vulnerability assessment.
You can also review UCSF’s Heartbleed bug information where they mention UCSF MyChart, Mail@UCSF, and MyAccess sites are not vulnerable.Is my phone or tablet affected?
Apple released a statement last Thursday that they are not employing OpenSSL as the method of authentication for their iOS and OSX platforms, or other “key web services.” You do not need to change your AppleID password unless you use the same password for another service that may have been compromised.
Google’s Android operating system has not employed OpenSSL since version 4.1.1, but Google web services which require login (GMail, Google Docs, etc.) were vulnerable to the bug. You should change your Google account password. Additionally, if you are running Android version 4.1.1, you should check if an update is available for your device.
So many passwords! How to keep track?
We all know the rules. Don’t use the same password twice, make them complex, and change passwords frequently. In the real world, managing so many passwords is incredibly difficult. Remembering these passwords on the go with your mobile device is that much harder.
There are, however, several password managers available that can help with this daunting task. The aforementioned LastPass is a very popular web-based password manager with free and premium options available. The premium option gives access to mobile applications at $12 a year. My personal favorite, KeePass, is an open-source application available on most platforms. You can gain mobile access to your KeePass encrypted database by hosting it in a Cloud Storage provider like Box, Dropbox, Google Drive, etc. LastPass, KeePass, and other password managers can help keep you safe by storing unique, complex passwords in a secure place.Additional Information
The Heartbleed official site is http://heartbleed.com, and you can find some less technical information in this overview at Gawker’s Non-Geek’s Guide. WIRED also has an eye-opening review of how this happened and the lesson we should learn from it. Be safe out there, folks.
No related posts.
In the previous post, we were introduced to Dr. Daniel Lowenstein and his “Last Lecture” presentation, which was both powerful and inspiring. Shortly after writing the post, Dr. Lowenstein contacted me, and we had an interesting discussion about his experience preparing for, and delivering that presentation.
I have always wanted to incorporate the voices of the instructors, students, and staff at UCSF, who work in the trenches and present or attend presentations on a daily basis. This post marks the beginning of a new series that will feature interviews of those people. I hope you enjoy the first episode of “5 Questions!”
5 Questions with Dr. Lowenstein
Bonus track: The Basement People
If you have any ideas about who the next 5 Questions interviewee should be, please contact me or leave your ideas in the comments section below.
Powerful. Inspirational. Emotionally moving.
Those are the words that best describe Dr. Daniel Lowenstein’s “The Last Lecture” presentation, delivered to a packed house in Cole Hall on April 25th. The Last Lecture is an annual lecture series hosted by a UCSF professional school government group (and inspired by the original last lecture), in which the presenter is hand-picked by students and asked to respond to the question, ”If you had but one lecture to give, what would you say?” Dr. Daniel Lowenstein, epilepsy specialist and director of the UCSF Epilepsy Center, did not disappoint. In fact, I can say with confidence that he delivered one of the best presentations that I have attended.
Rather than attempt to paraphrase his words, or provide a Cliff Notes version that doesn’t do his presentation justice, I will instead encourage you to watch the video recording of his presentation. The video is an hour in length, and if you have any interest in becoming a better presenter yourself, it is a must-watch. After the jump, we’ll explore my top “top 5 lessons learned” from Dr. Lowenstein’s presentation.
Last Lecture – Top 5 Lessons Learned:
To top it all off, Dr. Lowenstein spent the last few minutes of his presentation reviewing each of the 4 segments of his talk, and then related it all back to a single, clear message. That, my friends, is an example of storytelling 101, so I hope you were talking notes!
Continue on to part 2 of this post, where I interview Dr. Lowenstein about his experiences preparing for and delivering the Last Lecture presentation!
If you also found inspiration in Dr. Lowenstein’s presentation, please share your thoughts below, and I’ll see you at next year’s “Last Lecturer” event.