Turns out that since a few weeks, the university broke eduroam with PEAP authentication (and hasn't fixed it yet). This means that my iPhone profile won't always work.

I've fixed the profile, it's available from:
http://ceaseless.ws/tudelft.mobileconfig

It's signed, also includes VPN and has all certificates needed bundled in (so no certificate warnings).

I was just wondering: why is the university even using an (overly complex) e-learning environment like Blackboard? Aside from Blackboard being a terrible product (both for end users and to administrate), I don't really see the advantage of using it at all.

All courses of EEMCS I've seen use Blackboard as a file sharing site. Sometimes also announcements are used to bring student's attention to some upcoming deadline or change in assignment. Other features that Blackboard offers -- the gradebook, quizzes, group enrollments -- are redundant because of their TU-developed counterparts (Volg+ ISP, Grouptool, CPM) or are rarely used (quizzes).

Then the user interface. The concept of Blackboard's courses is nice: all information is structured in one place. But one large drawback is that information in a course is not available until a student is enrolled. Want to download only a single file from a course? No luck, you'll need to enroll first. Then when you are enrolled, you'll have to find what you're looking for. Sounds simple, but with the mess that you'll most likely encounter it's not all that easy. Is the list of exam material found through 'Course Information' or 'Course Documents'? You'll have to search to find out. Maybe you're searching for a particular subject in the slides? If you don't remember what lecture it was in, you find yourself manually downloading 15 files -- one by one. Speaking of downloading files: that's not generally a bad idea, because Blackboard seems to always be down right the moment you're studying for an exam.

What would be a good alternative? Well, something far simpler I'd say. All information could be listed on regular web pages accessible through a simple URI. For example, MIT uses a has all their courses accessible through mit.edu/[course code], where the course code is something short like 18.06. You're then redirected to the correct webpage, although I could imagine the web pages could be hosted in a central environment as well. MIT's very simple system is strikingly faster and easier to use than Blackboard: in the time it takes for you to log in to Blackboard, an MIT student has already found what he's looking for.

But what if a student can't remember the course codes? Well, the current TU course browser works well enough, so adding a link to the course site would suffice. A student could also bookmark the course site -- how revolutionary! (except that it doesn't currently work with Blackboard because of it's use of frames.)

All that remains as a useful Blackboard feature is announcements. Students need to enroll for exams and practical courses anyway, so why not use the same enrollment to send announcements? This way we'll probably also reduce the number of students that forget to enroll for exams in time.

Will this ever become reality? I'm not sure. But I'm quite certain that this whole system could be easily set up within the cost of the current Blackboard licence, (excess) servers and Blackboard (technical) support personnel. (and the support personnel's lives would probably be a lot more enjoyable too.)

My previous post about A-Select described how it was possible to create a Single-Sign On logon for an application without an app_id, which means that the TU Delft has no control over which applications can use the SSO.

Logging in by itself is quite innocent (except when bundled with a Blackboard vulnerability). But as it turns out, with some creativity it's possible to get the full name, address, student number, gender and email address of a SSO user. That's six pieces of private information I wouldn't like everybody to have. And just to be clear: the SSO environment does not warn a user about which details will be given to an application, so even a regular login form on an application/website you trust could have the side-effect of providing a little bit more information than you'd wish.

Normally I believe in full disclosure about security related issues, but in this case it might be smarter not to tell everybody how to exploit this creative SSO usage. If you need more details, please use the contact form.

It's now even easier to generate your schedule from Blackboard.

Using a simple Firefox extension, generating your schedule takes just two clicks.

It should work for any combination of courses, even if you are enrolled at courses from multiple faculties.

Introduction

In a recent discussion about the TU Delft's A-Select Single Sign-On system it was said that the application ID, or app_id for short, was to be kept absolutely secret by whomever was given one to. This specific ID enables an application to communicate with the TU Delft A-Select SSO server, which in turn enables users to log in to your application. As long as app_ids do not leak, the administrators can control which applications can use the TU Delft SSO.

Read more »

Google actually stuffs all the images it needs on the page into one PNG. When the page has to display an image, it simply uses a little bit of CSS to cut off the parts it doesn't need. A clever trick saving out a whole bunch of server roundtrips.

The new TU house style has a new formatting for the description text under the logo. This is the old one:

And the new version:

I don't like it - at all. The text is alright when placed to the right of the logo, but placed under the logo it's worse than the old version.

I must admit the old English version (below) is not as nice as the old Dutch version, where the text fits nicely under the logo. I still like it better than the new one, though.

PS: The difference in colour is because of conversion and different formats. The old logos were taken from the TU homepage, which has logos in JPEG(!).

In addition to the TU Delft Luchthaven (WiFi+VPN) profile, I created a general profile to easily install the settings for the eduroam wireless network on your iPhone.

How it works: load up Safari on your iPhone or iPod Touch and go to:

ceaseless.ws/eduroam.mobileconfig

That's it - your iPhone/Ipod will load the profile, just accept it and type your username (netid@tudelft.nl for the TU Delft) + password and you're done!

You can also load any MobileConfig file by emailing it (as an attachment) to your iPhone.

.. gaat naar een niet nader te noemen persoon, op de eerste plaats met maar liefst 21 karakters. Succes met inloggen gegarandeerd. De kortste is overigens 3 karakters.

It turns out it's possible to mail somebody when you know only their NetID, without using the TU Webmail (which can 'translate' a NetID into a TU e-mail address): just use netid@mailboxcluster.tudelft.net. Mail will then be automatically be delivered to your TU mailbox (or forwarded if set up).

The bad news is that I discovered this because I received spam on the @mailboxcluster.tudelft.net-address. I suspect somebody created a list of all NetIDs (I know of at least one method to create such a list) and used that list to send spam messages.

Edit: There's even some semi-official documentation about this.