Silverwizard | silverwizard @ Silverwizard

silverwizard

silverwizard@convenient.email

Father first and foremost
RPG player/hacker for fun and explicitly not profit
InfoSec for Profit
Feral Child of Unix and RFC 2324

silverwizard@obscuritus.ca

http://obscuritus.ca

silverwizard

1 year ago from ZoobopDeDoDop!

silverwizard
1 year ago from ZoobopDeDoDop!

I went to sign up my kid for the local school's stupid SaaS product that, according to the school, has the main feature of adding a 2.9% transaction fee to all trips and other assorted school fees.

First, they tell me my password is too weak because it's over 20 characters
Second, https://www.school-day.com/en/terms-of-use

reshared this

Chadee 🦨🐋, Dream Witch 🌕 🌊

1 year ago •

poorly programmed with terrible security and management.

I wouldn't want my data in that.

This entry was edited (1 year ago)

silverwizard likes this.

silverwizard

1 year ago from ZoobopDeDoDop!

@Chadee the Dream Witch 🌕 🌊 It's only supposed to handle data for my child's schooling and payments.

Ya know - nothing important?

@Chadee 🦨🐋, Dream Witch 🌕 🌊

Jonathan Lamothe likes this.

Chadee 🦨🐋, Dream Witch 🌕 🌊

1 year ago •

Yeah I've seen so many of these micro service companies.

They see the big money schools get and want a share, and they find a way to save administration time, they just do it very poorly.

I think it's more of a problem that school administrators and staff don't want to do the same work they've always done for their pay which is fair, but this isn't the way.

silverwizard likes this.

silverwizard

1 year ago from ZoobopDeDoDop!

@Chadee the Dream Witch 🌕 🌊 and I get that they are working on small budgets - but I literally wish it was replaced with nothing

@Chadee 🦨🐋, Dream Witch 🌕 🌊

Chadee 🦨🐋, Dream Witch 🌕 🌊

1 year ago •

Just ask the school if you can do things the old way because that website doesn't look safe.

Maybe if they get enough people doing that they'll cancel their contract.

silverwizard likes this.

silverwizard

1 year ago from ZoobopDeDoDop!

https://gg4l.com/rampant-sharing-of-student-pii-is-a-risk-to-schools-and-edtech-vendors/ Oh.... I don't like this

Kicou

1 year ago •

you'll love it when your kids receive a Chromebook and do everything in Google Classroom

(oh, and the phone app wants admin rights on your device)

silverwizard likes this.

silverwizard

1 year ago from ZoobopDeDoDop!

@Kicou it can have admin on a VM which only does things to annoy the Admin

@Kicou

Jonathan Lamothe

1 year ago •

@Kicou @silverwizard If I had kids, stuff like this would drive me crazy.

@Kicou @silverwizard

silverwizard likes this.

silverwizard

1 year ago from ZoobopDeDoDop!

@Jonathan Lamothe @Kicou We have compliance and security policies. How the fuck do I know if these people comply with PIPEDA?!

@Kicou @Jonathan Lamothe

The Corodon

1 year ago •

School superintendents' main function seems to be as an attack surface for vendors like this.

silverwizard likes this.

Peter Healy reshared this.

silverwizard

1 year ago from ZoobopDeDoDop!

@The Corodon you mean to be attacked by vendors? Yeah it does

@The Corodon

silverwizard

1 year ago from ZoobopDeDoDop!

TIL http://www.school-day.com/en/terms-of-use works fine

Defaulting to https was our mistake

silverwizard

1 year ago from ZoobopDeDoDop!

@Kicou my main problem is that my browsers all replace http with https for me and then don't let me go back without real effort

Also the https version exists, just is a 404

@Kicou

⇧