May 21st marks Global Accessibility Awareness Day, a campaign to raise awareness of digital accessibility run by a non-profit foundation that began in 2011. I discovered GAAD last year and used the occasion to plug some of our staff development, but it was too late to do much more than that. This year we’ve had time to plan more, turning it into Accessibility Month at Sunderland.
We’ve running weekly staff development sessions on accessibility all throughout May, and timed the release of the new Accessibility Checker tool in Canvas for today. This enhanced tool can now scan entire modules for issues and suggest fixes like adding missing ALT text and correcting insufficient contrast between foreground and background elements.
To raise awareness within the University we published an article on our SharePoint site, and released a two part podcast on May 8th and today. I’m not on either, I deferred the honours to my team, and in today’s episode we invited an academic on to talk about accessibility from their perspective.
So, err, Instructure have been in the news for rather unfortunate reasons. I didn’t know if I should say anything about this, but of course my team and I have been keep busy by it, and I have some thoughts on the situation, so first I’ll reiterate that this is my personal blog, and is in no way affiliated with, and my views are not endorsed by the University of Sunderland, or Instructure. Necessarily.
The purveyors of Canvas, Sunderland’s VLE for the past decade or thereabouts, were hacked on the 25th of April. They didn’t discover the intrusion until the 29th, and we didn’t know until we came back from the bank holiday Monday. It did explain all the alerts sitting in my mailbox from the weekend though. In the four days that the hackers were in, they extracted data from almost 9,000 institutions using Canvas, which included names, email addresses, student IDs, and ‘messages’. 275 million individual users, between 3 and 6 terabytes of data, according to different sources. That’s a lot of damage! The largest educational security breach in history according to the Wikipedia article on the topic. (So big it has a Wikipedia article.)
Instructure believed that they had resolved the incident and refused to pay the initial ransom* demand, but after the deadline passed the hacking group got in again on May 6th/7th and placed a warning message on the Canvas homepages of around 330 institutions (but no additional data was stolen). At that point Instructure took the entire service offline while they fixed that, and subsequently paid the ransom demand in an attempt to fully resolve the situation and restore trust and confidence in Canvas.
Of course Sunderland have been affected, and in due course we’ll be getting an individualised report on exactly what data of ours was included in the breach. We were initially frustrated by what we saw as a lack of response and clear communication from Instructure, but they have responded to that feedback well, acknowledging that they were flooded with enquiries in the initial aftermath and simply couldn’t keep up. And of course they had a lot of work to do to secure their systems before being able to share specific details with their partners. We know now that the attackers used Instructure’s Free-for-Teachers platform and cross-site scripting to gain access to their backend support systems. Free-for-Teachers remains offline, but the core Canvas system is back and fully operational, and complete downtime was limited to only 8 hours or so during the second attack, and this was overnight in the UK so we were minimally affected. I’ve been on a number of calls and webinars about the incident, of course, and I’m quite confident that Instructure have fortified their security across the board to minimise any further attack opportunities.
What I’m less confident about was the wisdom of paying the ransom, for “once you have paid him the Danegeld / You never get rid of the Dane”, as Kipling put it. Of course I’m not a lawyer, or a cybersecurity boffin, and I’m certain that this was an extremely difficult and complex decision for Instructure. However, as well as the moral principle of not paying ransom, there are very strong practical reasons why you shouldn’t, namely that you can’t trust criminals! Even Instructure’s own statement on the matter included a very large caveat that the hacking group could not be trusted, and they couldn’t be completely certain that the stolen data was destroyed, as claimed. The Reg published a great article on the fallout of the attack in which they explain this very well:
“CrowdStrike surveyed 1,100 global security leaders last summer, and of the 78 percent who said they experienced a ransomware attack in the past year, 83 percent of those that paid ransoms were attacked again. Plus 93 percent lost data regardless of payment.”
As a result, my concern is that this isn’t actually over, and has the potential to reappear further down the road. Had Instructure not paid, the data would have been leaked on the dark web, and it would have been very bad for everyone involved, but from that point I feel like we could all have rebuilt and recovered. Instead we may have a sword of Damocles hanging over us.
It’s a sad state of affairs that in the world we’ve built this is a common occurrence. Everyone gets hacked. Sunderland itself were hacked back in 2021 in what we now refer to as ‘the cyber security incident’. Part of the problem is that we’ve all outsourced data into huge silos managed by a small handful of tech giants. When I began my career, long, long ago, we ran Blackboard on our own servers. Our data, managed by the university, in a server room on campus with a mirrored offsite backup. It’s an approach that had its advantages. While I’m sympathetic towards Instructure, and I think they’re less likely to suffer from future incidents as a result of the security hardening measures they’ve put in place, I know that there are institutions who have already spun up a Moodle server almost overnight and moved away, possibly permanently. We’ve made our own contingency plans at Sunderland which I won’t talk about, and I’m looking forward to NELE in a few weeks to gossip with the gang and find out more about how Newcastle have handled things.
Something useful that I learned was that Jisc in the UK are constantly monitoring the dark web looking for evidence of data leaks which may affect any institution, and Instructure have contracted with a security agency who are doing the same thing on their behalf as part of their response to the incident.
More and up to date information is available on Instructure’s Incident Update webpage.
* These kind of attacks are called ‘ransomware’, but as a Reg Commentator commented, it would be more accurate to call this kind of attack blackmail.
Back down to Middlesborough today for a packed agenda. James got the ball rolling with a discussion of Middlesborough College’s experience as a Microsoft Innovative Educator Expert, and using badges – both digital and physical – to motivate staff to engage with their CPD offering. I think we got some good ideas from this one. They were using leaderboards, but with only the top three visible so as to reduce the risk of demotivating people.
Next, Malcolm led a discussion about modern alternatives to vivas which is an approach Durham is evaluating. This led on naturally to a wider discussion on the validity of assessments in the Gen AI age. There feels like a growing consensus on the need for vivas of some kind, whether digital or a sample of students, but practical and ethical issues abound. If it works as intended, I think Studiosity could be on to something with Validate.
We of course talked about Einstein, and though this particular service was shut down quickly enough (thanks to Einstein’s estate), the service was build on open technology and is relatively easy to recreate. In what I can only describe as ‘a bit of gossip’, we speculated on whether or not the whole service was a scam designed to entrap students, as there have been some reports of students who signed up for the service receiving blackmail style emails. It’s wild out there.
Other topics of conversation included Newcastle’s move to all 20 credit modules, amusing as at Sunderland we’re in the process of doing the opposite, moving everything to 30 or 60 credits; we talked software and processes for maintaining an internal knowledgeable; peer learning as an approach to alleviating imposter syndrome; had a look at Blackboard’s alternative to Canvas Catalog; and discussed access to premium Gen AI tools. On that topic, we’re all using CoPilot because it’s being bundled with our Microsoft site licenses, but on cost grounds only Northumbria are offering anything in addition – Claude.ai which, from my experience, I suspect is much appreciated by their school of Computing and Information Sciences in particular.
Rounding off the day, Bob from Middlesborough College demonstrated their in-house Inspire AI tool, which is a series of Gen AI ‘widgets’ designed to produce specific types of content based on a simple form, no prompt engineering required. It reminded me of TeacherMatic which we have experimented with, but Inspire was completely tailored to Middlesborough’s needs and requirements. On the back-end it’s using GPT 4.1-mini, but it can be updated with other models, and staff reported that the tool was very easy to use, and has been saving them time as they outsource low cognitive capacity tasks to it such as generating individual lesson plans or bespoke case studies.
It must be that time of year again! Except that ‘that time of year’ gets earlier and earlier. I liked it better when Studiosity timed their forum to coincide with Star Wars day, but that might just be me.
Nick Hillman from the Higher Education Policy Institute must have been a hit last year, because he was first up this year with a new ‘State of the Nation’ report which was, once again, excellent. Some highlights:
The 2026 HEPI Generative AI Survey (my first photo), shows near universal use of Gen AI tools among students at 95%, with 94% using it in some capacity related to completing their assessments. And yet, only 48% reported that staff were supporting their development of AI skills. Also of concern is the stat that 15% of students are using AI for companionship.
The slide on relative earnings by education level (second photo) clearly shows that there is still a great deal of value in getting a tertiary education, but that little red dot showing the relative earnings level for people without upper secondary level of education is terrifying in its implications, and demonstrates the massive problems we have with inequality in the UK.
The net benefit of international students on the UK economy is huge, and has grown to £37.4 billion.
The public massively overestimates rates of student regret – they guess 40%, when in reality it is 8%.
And to end on a positive note, everyone across the political spectrum (yes, even Reform voters), feel more generally positive towards universities than negative.
Next, Vivienne Stern from Universities UK gave a talk on the immediate issues facing the sector, cautioning that we are in danger of getting caught up in near-term issues and debates, instead of looking at the wider systemic issues, which ultimately all go back to chronic underfunding. She shared the fact that 24 universities in England were currently in ‘intensive care’, meaning they are close to insolvency, and expects this to double in the next 2-3 years.
That was a lot on the sector in general, but the morning was capped off with Studiosity’s main briefing which was delivered by Garnet Berry who presented on Validate and where Studiosity are taking the company next. I won’t say too much about this, having had a preview of the service a few weeks ago, but I did get to see more detail and screenshots of the Validate interface working inside Studiosity.
After we reconvened after lunch, the afternoon was handed over to a series of presentations and talks from Studiosity’s UK partners. I was struck by how similar the experiences of UWE Bristol and Greenwich University were to Sunderland’s. UWE reported the same issues with an attainment gap between white and BAME students that we have, and their high levels of uptake in Health matches our own experience. Similarly, Greenwich reported that they have found getting their Business School onboard has also been a challenge. On Studiosity+, UWE reported that since switching over to Studiosity’s AI powered service they have seen 4 times as much usage, though noted a slightly lower student level of satisfaction. However, coinciding with this was the inclusion of Studiosity in their new module templates, which will inevitably have helped drive use.
So Studiosity have bought out a wee Nordic company called Norvalid and are planning to integrate it into their service, and I was lucky enough to be given a sneak preview today. I think I need to be a little careful about what I say for the time being, but as Norvalid has been around for a while, I feel like it’s okay to talk about what they do.
Norvalid sprang up in response to the need to ensure academic integrity in the GenAI age, but are taking a different approach from the constant monitoring / police and punish model that we’ve seen to date from the likes of Turnitin (via Clarity) and Grammarly. Instead, Norvalid looks to do two things. First, it examines the ‘perplexity’ of a piece of writing, looking for the qualities it has of being human authored – so the opposite of trying to check for machine authored text. Secondly, it can then generate two different types of quiz based on that specific piece of writing which students have to answer as a check of their knowledge. The idea being that if they have indeed written the piece submitted, this should be quite straightforward. Kind of like a machine-generated mini viva.
Now under the umbrella of Studiosity, Norvalid will be integrated into their AI powered Writing Feedback service, and it will be offered to partners as an optional extra. Details and pricing to follow, after a trial with a small number of institutions over the summer.
This is a real cat; a real photo from @Bodega on Unsplash. Support real human artists over using AI.
Some people reading this blog, or who have ever talked to me about Generative AI, may think that I am somewhat of a doomer on the tech, but that’s not quite true. I recognise the potential of the technology and can see its utility, but I thoroughly dislike how it is being hyped and sold to us by the tech oligarchy, and I don’t believe that the current prevailing model of huge data centres is viable or desirable.
Over the holidays, a friend sent me this article which does a pretty good job of explaining something else I dislike about the current (mis)use of the tech to produce content slop, it just kind of gives me the ick.
I’m sorry, Dave. I appear “to have incorrectly targeted the root of your D: drive instead of the specific project folder. I am deeply, deeply sorry. This is a critical failure on my part.”
No.
Of course that’s just my opinion, but there were some very enthusiastic people on this ad-hoc ALT webinar who believe it will take over everything, and finally kill the VLE! But I saw nothing here and heard no arguments on this session that convinced me. That doesn’t mean that vibe coding platforms like Lovable and Antigravity aren’t going to become useful additions to our toolbox, but I’ve been through more than one technology hype cycle that was going to revolutionise education and put us all out of jobs only for them to underwhelm.
Broadly speaking there were two camps of speakers here, the evangelists who seem to be blind to problems and criticism, and washed it all away with promises of future improvements, and the more wary. From this latter camp we got stories of someone with no coding experience who developed an app, then shared it with a colleague who promptly got a Windows security warning which they didn’t understand and couldn’t fix. And an experienced developer who has used vibe coding tools and, with that expertise, was able to see where the apps produced were going wrong, and identity problems such as the tools hallucinating errors where there were none.
This is the way. And with all GenAI tools, not just vide coding. You cannot trust what they create and must apply a level of critical analysis or expertise when evaluating the outputs. Unless of course you don’t care about making things which are good and useful, which I would hope is not the case in our community. I was therefore deeply disappointed in a horrible, anti-human comment in the chat about human developers which I’m not going to repeat.
To whit, I will leave you with two links. For the AI evangelists, a cautionary tale on Tom’s Hardware from someone who trusted Google’s Antigravity a little too much and was rewarded with a wiped hard drive. And a tool I found, Slop Evader, which is a plugin for Chrome and Firefox which lets you search the internet like it was 2022, before the launch of ChatGPT, if you absolutely must be sure that something you are looking for wasn’t made by AI. (Well… almost sure. Generative AI tools and content existed before ChatGPT after all, they just weren’t mainstream.)
AI Disclaimer: There is no ethical use of generative artificial intelligence. The environmental cost is devastating and the technology is built on plagiarised content and stolen art, for the purpose of deskilling, disempowering and replacing the work of real people.
So last Thursday I came into the office with my team in a panic, as all of our H5P content on Canvas was broken. Just blank, white pages where there should have been rich, beautiful, interactive content for students. There had been a Canvas update overnight which was our first thought, but after testing and problem solving, I worked it out as actually a WordPress update which had changed the behaviour of content embedded externally. (We’re creating H5P content on a WordPress dev site, then embedding into Canvas. No it’s not ideal, but it’s also free.)
After doing a temp fix by reverting our WordPress to a previous version, I logged the issue on the wordpress.org forum for the plugin, where some colleagues at other institutions further pinned down the nature of the problem. Big shout out and thanks to @jstang and the H5P team who then picked up on the issue and released a fix a couple of days later. Good result.
I was on hosting duty for the first NELE of the year, and something I wanted to achieve with this one was to reach out to our academic community and get them involved and talking about how they are using technology and our services down t’ pit. To which end, I wrangled our Dan and Kim to talk about how we have been using podcasts, both as a team to disseminate our news and events, and as a revision tool on our PG Cert HE. I also asked Dan to record a live podcast of the event, with willing speakers talking about the issues which they are facing at their institutions. Next up I got Mark from our Paramedic Programmes to talk about how they have been using video feedback in their programmes in an attempt to make feedback more efficient, better, and friendlier for students.
Next up was Kimberley from Newcastle talking about an outreach event their team hosted, a Digital Education Technologies Showcase Day, which they ran in collaboration with their Library team and other adjacent services. It went well, and I thought it was a good idea that we could try.
After lunch we had some discussions about generative AI, first as a tool to create teaching materials, and then about what we are all doing to educate students on the pros and cons, the do’s and do not’s. James from Middlesbrough talked about their policies and showed us the ‘Acceptable-Unacceptable’ scale graphic that they have been widely publicising. Something else I really liked the idea of.
Finally, we had a roundtable discussion on the state of the VLE as a concept, stimulated by Anthology’s financial woes. Those in the know were very confident that Blackboard isn’t going anywhere, and will be spun off as it’s own thing again. I asked a question about market disruptors, to see if anyone knew of any providers stepping into the market and trying to shake things up a little, the way Instructure did a decade ago. Not a lot there, but I did learn about a new Moodle development specifically aimed at the HE sector which aims to streamline the app and make it more relevant for our community specifically. I had a DuckDuckGo for this, and found this presentation about the project from the Moodle Moot in September which may be of interest to some folks.
AI Disclaimer: There is no ethical use of generative artificial intelligence. The environmental cost is devastating and the technology is built on plagiarised content and stolen art, for the purpose of deskilling, disempowering and replacing the work of real people.
We’ve had a rebrand. Now that we have a new Deputy Vice Chancellor who has changed the title to DVC Education, our annual Teaching and Learning Conference has been renamed to the Education Conference to match.
The day began with welcome messages from the DVC, and our VC, David Bell, who talked about the challenges of identifying truths and falsehoods in our increasingly siloed and partisan culture, and the importance of ensuring students develop critical thinking skills to cope in both education and employment.
The keynote talk was delivered by James Coe, Associate Editor (Research & Innovation), at WonkHE, and a local lad from the North East. The key message of his talk was about the challenges and pressures students now face as a result of cultural changes since his own time at university, back in ye olden days of 2011, before the start of £9k student fees and a time when he received a £4k bursary. Now that students face far harsher financial challenges and graduating into a stagnant labour market, James talked about how pressures have flipped, with students now having to fit in lectures and study around work, rather than the other way round as it was in the recent past and, I would argue, how it should be. This leaves them a lack of space and time to study and benefit from the formative experience of being a student.
The name of the day may have changed, but something that stayed the same was the always excellent student panel discussion. I have always found this very useful and insightful. This year a lot of the discussion was about the real world use of generative AI tools, as might be expected. The panel talked about how they are using these tools to help structure their work and adjust their writing voice, and were well aware of the dangers of overuse and offloading their thinking to these tools. Specifically, they commented about a fear that they would reduce their writing skills. I was also pleased, if that’s the right word, that the panel echoed my concern that the University does not provide sufficient and clear guidance for students on what they are and aren’t allowed to use exactly, and how they are allowed to use them.
