5/8/2026 at 2:11:54 AM
Perspective from the trenches: I teach at a university that uses Canvas. We are in our final exams period right now.We got our first email (from Academic Affairs) notifying us that it was down at 5:17pm EDT this afternoon, with little info; followup emails were sent at 6:24 and 6:57 with more info, but mostly about how we would be compensating for it and not about what actually was going on (other than, "nationwide shutdown" and "cybersecurity attacks", no further detail). I don't get a sense that they know much more than that, not that I would expect them to.
A perhaps telling detail: they're instructing us to have students email us directly with any work that had been submitted via Canvas. That suggests that they have no particular confidence that it will come back up soon.
I personally am only slightly affected; as a CS professor a lot of my students' work is done on department machines, and submitted that way, and I do the actual exams on paper. More importantly, I've never liked or trusted Canvas's gradebook, and so although I do upload grades to Canvas so students can see them, my primary gradebook is always a spreadsheet I maintain locally.
But I have a lot of colleagues for whom this is catastrophic at a level of "the whole building burnt down with all my exams and gradebooks in it"---even many of those that teach 100% in person have shifted much or all of their assessment into Canvas (using the Canvas "quiz" feature for everything up to and including final exams), and use the Canvas gradebook as their source-of-truth record. We've been encouraged to do so by our administration ("it makes submitting grades easier"). For faculty in that situation, they have few or zero artifacts that the students have produced, the students themselves don't have the artifacts to resubmit via email because they were done in Canvas in the first place, and they have no record of student grades or even attendance (because they managed that all inside Canvas). I guess they have access to the advisory midterm grades from March, if they submitted them (most do, some don't), but that might be it.
My gut feeling on this is that this is either resolved in hours (they have airgapped backups and can be working as soon as they can spin up new servers), or weeks (they don't). Very little in-between. And if that's true and we wake up tomorrow with this unresolved, I really have no idea what a lot of professors at my university and across the country are going to do to submit grades that are fair and reasonable. In the extreme case, they may have to revert to something we did in the pandemic semester (and before that, at my school, in the semester that two major academic buildings actually did burn to the ground a week before finals): let classes that normally count for a grade just submit grades as pass-fail. Because what else can you do?
(Well, one thing you can do is not put your eggs all in one basket, and not trust "the cloud" quite so much, but that ship's already sailed. I do wonder if in the longer term, anybody learns any lessons from this....)
UPDATE: As of 11:45pm EDT, my university's canvas instance is up and running! Here's hoping it stays (but I'll be downloading some stuff just in case...)
by blahedo
5/8/2026 at 2:48:02 AM
> the students themselves don't have the artifacts to resubmit via email because they were done in CanvasIt’s so simple to send an e-mail to the student with relevant records on completion of a quiz or whatnot. They don’t do it, because they want to control the data. (And universities don’t insist on it for who knows what reason.)
by JumpCrisscross
5/8/2026 at 4:34:01 AM
I've never used Canvas before, but all the LMSes that I've used allow students to enable emails whenever anything is updated, including when grades are posted. This is off by default because it's often 10+ emails a day, because many teachers post notes once a day, and with 5 classes, that adds up pretty quick. I personally have it enabled because it's pretty manageable with some custom Outlook rules, but setting this up is well beyond the capabilities of most students.by gucci-on-fleek
5/8/2026 at 11:09:31 AM
Canvas will send emails when grades are posted, but not what the grade is. Or at least that’s the way in the configurations I’ve seen. So, that wouldn’t help in a case where no one can access the canvas gradebook.by mbreese
5/8/2026 at 12:27:37 PM
yup you just get an email saying "A new grade has been posted for EECS 420"by trillic
5/8/2026 at 1:38:08 PM
...then all those clicks juice engagement and utilization numbers; why would someone want to just know their grade when they can use more clicks and custom apps to get the same info? </s>The party line is probably something about "a lack of data security" with email, which would almost be funny given the current situation if it wasn't so stressful for those impacted...
by skeeter2020
5/8/2026 at 2:32:11 PM
No, students are already forced to use Canvas enough as is. This is enterprise software, it's not a consumer phone app. This is nothing to do with "engagement".This is to do with FERPA which requires that student grades be kept private. There is a small but still a significant legal risk that someone else such as a parent or roommate could have access to a student's email. And so to avoid even the possibility of a court case, schools prefer to play it safe and display grades only to a user they can authenticate directly.
This doesn't have anything to do with common sense, it's simply about legal risk. And it's not about security in a broader sense, it's specifically about privacy FERPA legislation.
by crazygringo
5/8/2026 at 2:55:41 PM
FERPA allows emailing confidential information to a student email on record if the university controls the email account. Most universities offer their own email service (and require using it) for this exact reason.There is no more risk of access to email than there is to Canvas. They are usually secured by the same SSO, too.
However, congratulations for finding the exact dodge around implementing a useful feature. Back when I worked at a university, it was apparent we had a “toolbox” of reasons to deny requests we didn’t want to do: HIPAA, FERPA, ERISA, PCI, GLBA, Title IX, ADA.
“We can’t do that integration with student health services due to HIPAA concerns.”
“We can’t implement that sign up form due to FERPA.”
“We can’t update that site because we’d have to do so and be ADA compliant and that would cost too much.”
“Due to Dining Services’ server being in scope for PCI, we can’t run reports off of it.”
“Adding that ability to Student Affairs’ portfolio app would raise Title IX concerns.”
It was great. You had endless excuses to say why you can’t email a student their grade.
by trollbridge
5/8/2026 at 3:13:25 PM
I already said it's not about common sense, it's about legal risk.It's about edge cases like someone set up your email to forward all your emails to their account without you knowing. Or other additional situations you could imagine.
There is no benefit to not emailing grades directly, from the perspective of Instructure. There is no ulterior motive here. But universities are genuinely risk-averse and their lawyers tell them that not including the grade in the email simply shuts down one more avenue for some potential lawsuit. Which costs money to defend even if a university wins it.
This isn't some kind of "dodge". This is literally just Instructure doing what university lawyers demand.
I agree with you that the email address is generally always also controlled by the school and has the same login authentication. It doesn't matter. I told you this isn't about common sense. This is about lawyers saying that it could reduce legal risk. And that is a true thing that is coming from real lawyers. Even if you disagree with those lawyers.
And Instructure isn't going to try to disagree with lawyers for its own potential customers. It's going to give the schools what they want, which is not revealing grades via email.
It's not a "dodge."
by crazygringo
5/8/2026 at 11:45:03 PM
Have you ever worked in an environment where you were responsible for building systems that complied with FERPA and you worked with your school's general counsel and compliance team on that?What you are saying about e-mail is simply not factual. Student e-mail is inside the FERPA environment, and is considered private to the student. It was designed to be that way. If a student sets up forwarding to go to someone else, that's their problem. The student e-mail uses the same SSO as the LMS, so it's nonsense to act like someone else could have access to e-mail.
by trollbridge
5/8/2026 at 3:22:47 PM
Then the lawyers are incompetent morons. There's "no benefit" to telling the student their own grade at all when viewed from that perspective. You could just not give them any feedback. Or you could allow them to consent to it, which is what the law asks.It is a dodge. Society should not just say "oh those silly lawyers". These people are not being responsible. They are not doing their jobs.
by ndriscoll
5/8/2026 at 9:08:03 PM
As someone who transitioned from working in startups and technology to a university, it is hard to describe how different the environment is.It looks very weird and is hard to understand from the outside, and unfortunately all technology vendors are on the outside.
Basically every technology has an impedance mismatch when brought into the university environment. And when you combine them together it keeps getting worse.
That's why you see things in this thread like CS professors who operate their class using pen and paper and maybe a spreadsheet.
by jrumbut
5/8/2026 at 11:46:27 PM
I worked with a lawyer who was the on-staff general counsel for a mid size private university who was not an incompetent moron.One thing I really appreciated that she did was refuse to put e-mail disclaimers in the bottom of e-mails, because she said they had zero legal weight and actually were negative from a legal perspective, since it means people might think they have legal weight (when they don't).
Overzealous e-mail admins would periodically want to do it because it's what everyone else does, not to mention vendors of frankly B.S. software whose only value prop was adding a disclaimer to all the email that went out of Exchange or Google Workspace.
by trollbridge
5/8/2026 at 3:33:00 PM
No, the lawyers are not "incompetent morons", and I highly doubt you have the legal training and domain experience to be qualified to make that assertion.You would be surprised at the number of frivolous lawsuits and seemingly "zero risk" decisions that wind up turning into actual legal risk and legal fees.
The legal world is a lot more complicated than you think. I've been in some of these conversations. Quite frankly, you don't know what you're talking about.
by crazygringo
5/8/2026 at 5:42:11 PM
> You would be surprised at the number of frivolous lawsuits and seemingly "zero risk" decisions that wind up turning into actual legal risk and legal fees. [¶] The legal world is a lot more complicated than you think.The law is a lot like an app: It has to take into account a gazillion edge cases and corner cases — not to mention that people can be ignorant and/or malicious. It really is complicated, as you say above.
Well done on not hurling insults at @ndriscoll, BTW. Personal attacks don't persuade the target, and they can turn off onlookers who might be undecided. (Competent lawyers learn early that judges and jurors don't like personal attacks and can be less inclined to believe the attacker.)
by dctoedt
5/8/2026 at 3:39:56 PM
The thing is, I don't need that training to recognize that they are failing to contribute to society. This is why I'm saying that it is indeed a dodge. "It's complicated and you don't understand it" isn't an excuse for making the world worse. And yes, it is fully possible for a someone to make that judgement without a large background in law, because it's taking a holistic look at "what was the purpose of this law, and are they interpreting it in line with that purpose?" The details don't matter; the outcomes do. Their job is to deal with the details to reach the desired outcomes. If society is better off for putting them on a boat and sending them into the middle of the ocean, then they are incompetent.Refusing to give a student their own data because of a privacy law that's meant to give the student control over their data is them failing. Full stop. There's no room for excuses for government funded entities to act in the exact opposite way that they are supposed to to avoid their fear of government imposed penalties from a deliberate misinterpretation of what the entire thing is about. That's incompetence by everyone involved. It is people going out of their way to make the world a worse place to act important. Absolutely unacceptable.
It's like if teachers aren't teaching the kids to read or add, the details about all the compliance stuff they need to worry about and how the school "can't" remove disruptive kids from a class or whatever is missing the point; the schools can't sacrifice actually doing their job at the alter of compliance, or we should just shut them down since all they do is waste resources. The compliance people should be figuring out how to shield the actual workers/create plausible deniability if the law is supposedly that stupid.
by ndriscoll
5/8/2026 at 5:36:12 PM
The world is complicated. Laws like FERPA are written with good intentions, but there are a lot of gray areas open to interpretation, and bad actors will take advantage of those gray areas to bring lawsuits for selfish purposes that universities have to spend money to defend themselves and possibly pay expensive penalties over. So lawyers advise how to follow laws in the most risk-free way.Blaming lawyers or Instructure for "failing to contribute to society" is both incredibly immature and factually wrong. It's not the 1980's where jokes about "kill all the lawyers" get laughs.
I'm going to be blunt: you seem to have a kind of black-and-white, adolescent understanding of the world where it's split up into good actors and bad actors, and good actors should do what's right (regardless of the law) and bad outcomes are the result of bad actors. But that's not how the world works. Everybody involved can be intelligent and trying to do their best, and we get suboptimal outcomes because this stuff is hard. Writing laws that protect student data while maximizing student convenience are probably never going to get it perfectly right in every situation. But insulting the lawyers or the schools or Instructure as "failing to contribute to society" or insulting the law as "supposedly that stupid" is to deeply misunderstand everything.
by crazygringo
5/8/2026 at 11:49:18 PM
FERPA does not have a lot of "gray areas open to interpretation". It's a well-understand body of law, case law, and regulations, and things like whether or not you can e-mail a student a grade are settled questions.by trollbridge
5/8/2026 at 6:49:13 PM
It's not a misunderstanding of everything, especially for schools that are government funded. They have a mission, they receive resources from everyone else to do that mission. If they are then worried about penalties for some frivolous side distraction, and choose to not accomplish their mission for fear of that, then why are we funding them to start with?Frankly it's a perspective that I've only developed as I got older and realized that such excuses are poor, and that the real world has quite a few people in it who don't really care about the outcomes of what they're doing, or even understand why they're there. To me it feels adjacent to the adolescent view I often see on this site/reddit around "why is the company laying people off when they're making lots of money?" It's because those people aren't needed for anything, and those jobs aren't a form of charity. They exist for a purpose. If they no longer have a purpose, why would you keep paying that person?
If people are going to exist as obstructions to the purpose of the institution we're trying to serve, then they are useless. It's like a computer security worker saying the best way to be secure is to unplug everything, and push for policies that no one shall use computers for anything. Completely missing the point.
Finding ways to follow the law in the most risk-free way to the detriment of everyone is exactly missing their purpose in the world, and everyone should rightly call such a person incompetent and useless. It's casual acceptance of this kind of incompetence culture that slowly leads to societal decline. It's the same kind of thing as when Berkeley took down their lectures because of the ADA. How about the same state that ignores federal immigration and drug law say that actually they're going to keep giving away their free educational materials because they want universal education, and giving those lectures away is strictly better than not doing that, and if the feds want it made accessible, they can fund a project to do so?
by ndriscoll
5/8/2026 at 11:01:22 PM
I really don't know what to tell you. You're literally calling for universities to either break the law or not worry so much about following it, and calling people who do want to be careful about following the law "incompentent and useless".If you don't see how extreme that is, and how much society would break down if everyone started thinking laws were optional and ought to be ignored when they prevent you from accomplishing your "mission", I just don't know what to tell you.
by crazygringo
5/9/2026 at 12:07:42 AM
Quite the contrary: society very obviously runs because people ignore policies and laws constantly. That's why following all laws exactly is considered a protest or subversion strategy: malicious compliance.Like the entire AI industry could only work by completely ignoring copyright law. Basically no software could be written if developers were concientious enough to check for and avoid patents first. Tradesmen ignore safety policies. Doctors ignore limits on hours. People do work on their homes with no permits.
Part of being an adult is exactly knowing which rules are important and which you ignore.
by ndriscoll
5/9/2026 at 12:39:42 AM
Individuals can choose which laws to ignore, like when they jaywalk.Corporations, universities, etc. are very different. They create policies which are documented and which their employees are required to follow. They engage in risk analysis.
"Part of being an adult" has nothing whatsoever to do with the laws and regulations that apply to organizations. You're making a severe category error.
by crazygringo
5/9/2026 at 1:09:39 AM
Organizations are made of individuals who I assure you regularly ignore or don't even read the policies they are "required" to follow.by ndriscoll
5/9/2026 at 2:26:49 PM
I don't know what world you live in. Everywhere I've ever worked, that gets you fired. Real quick.by crazygringo
5/9/2026 at 4:42:55 PM
I've worked at a couple F100s and a startup.At IBM, vim was specifically banned by legal because of reputational risk because the license asks you to consider donating to children in Africa, and IBM didn't want to be called out for not doing so. Guess which editor pretty much everyone in my org used? We also weren't allowed to move furniture because of some union agreement, but guess how many people cared when furniture mysteriously moved from an empty office room into ours? None.
At the startup, people in our satellite office in Arizona openly mocked the California HR harassment training over lunch. It was also an open secret that one of the managers started dating a report. As far as I know many years later they've both moved on to other jobs and they're still together. Nothing bad happened.
Breaking some policies will absolutely get you fired, but that's mostly around doing things you shouldn't be doing, and even then usually only matters if someone else that has some power might themselves get in trouble/have more work/lose something because of what you did. Others no one will care about. Again, part of growing up is figuring out which policies have a purpose and which came from some busybody.
I also already gave the entire AI industry as an example. We know for a fact that Meta trained on pirated material, and it's pretty obvious that everyone else does too. It's blatant industry wide flouting the law. The realpolitik answer here is everyone knows that enforcing the law here would be the final nail in the coffin for China superceding the West, so it's not going to happen.
by ndriscoll
5/8/2026 at 11:52:50 PM
Just to be clear:E-mailing a student their grade is not "breaking the law".
Not e-mailing a student their grade is not "being careful about following the law". It is just sheer laziness.
A university may develop a policy of "we don't e-mail grades" for another reason, but FERPA is not a valid reason.
by trollbridge
5/9/2026 at 12:42:23 AM
"Just to be clear":It's not "sheer laziness". I can almost guarantee you that Instructure would prefer to e-mail the grade itself, and probably had the code working somewhere before feedback from universities told them to remove it.
There are absolutely cases where sending an e-mail to the wrong person is a violation of FERPA. Can you guarantee that your software will never be configured to accidentally e-mail someone besides the student? That no administrator will ever accidentally set up the wrong e-mail address? Because you're not sure if you can make that guarantee, it's legally safer to restrict it to the actual LMS login.
by crazygringo
5/9/2026 at 5:40:37 AM
Yes, I have written software that would email a student information that was in scope for FERPA.It’s rather simple to restrict sending email to @student.uni.edu and then further force their email to match the username and email address that is synced from the SIS.
How much FERPA compliant software have you written?
by trollbridge
5/9/2026 at 2:31:14 PM
That's great for you. I've been in meetings with lawyers around FERPA compliance.You are right that if you are creating a custom tool you can create that restriction easily.
But if you are creating a learning management system where administrators can configure it a million different ways and the university lawyers want to make sure that administrators don't set it up the wrong way, it makes sense to have that safeguard.
You are looking at the wrong level here. This isn't a software coding issue around technology. This is a policy compliance issue around people. When you create tools you have to consider the possibility of those tools being misused by an employee and mitigate those risks when possible.
by crazygringo
5/8/2026 at 6:51:24 PM
> The thing is, I don't need that training to recognize that they are failing to contribute to society.An old lawyer joke: What do you call 100 lawyers drowning in the ocean? A good start!
(Told to me by my dad, a former attorney till he retired.)
by wpollock
5/8/2026 at 11:50:50 PM
I think the lawyers in a straw-man imaginary world where they say a university can't e-mail any FERPA-covered data to a student (which includes such basic things as what times a student's classes are) don't contribute anything to society. But that's because they're just a figment of one person's imagination.Actual, real lawyers who work for or at real universities often do contribute quite a bit of valuable work. I enjoyed the one I worked with and think she did a great job of putting the brakes on over-regulating or using legal compliance as an excuse for just not doing work.
by trollbridge
5/9/2026 at 12:16:44 AM
That's great to hear. As I agreed elsewhere in the thread, their true purpose is exactly to shield other workers from this sort of nonsense FUD and make-work.Of course I presume it's also not a strawman because it's not in any way some unique thing to lawyers.
by ndriscoll
5/9/2026 at 5:41:33 AM
The general counsel at my last university job actually tended to cut through the red tape and excuses of “can’t do this due to legal”.Lots of fun if a department had been stonewalling for “legal reasons” and she was summoned to a meeting.
by trollbridge
5/8/2026 at 2:52:38 PM
Isn't that due to FERPA related concerns?by whyenot
5/8/2026 at 5:33:37 AM
> setting this up is well beyond the capabilities of most students.
by dotancohen
5/8/2026 at 7:24:22 AM
> Where will they be qualified to work?Going by a certain story 2 years ago, their concern should be that they're overqualified for Meta.
It doesn't help that gmail, which is the only serious direct competition to outlook, straight up doesn't do "folders" and instead goes with markers. So you can't really just put a filter that drags all the 100 low-priority alerts in what would count as a first degree abstraction of "place where things are sorted into". No, there are two layers of abstraction between point A and B of things, sorter and sorted things. The result? Muggles can't recognize the heck you're describing and refuse to even acknowledge the possibility.
by metaengies
5/8/2026 at 9:31:10 AM
> It doesn't help that gmail, which is the only serious direct competition to outlook, straight up doesn't do "folders" and instead goes with markers.While true, unless I'm mistaken, markers (I assume you're referring to tags) can be nested to provide a pseudo-folder hierarchy, and with proper filters you can remove the "inbox" tag and have the mail only show up under the specific tag.
TBH I don't fully mind it, it lets you classify an email in multiple ways (eg "See Later" as well as "Work related").
by user_7832
5/8/2026 at 10:07:55 AM
Tags are great but I still want my folders. Also doesn't help that the way google describes some things is unnecessarily complex or confusing. For example, removing an email from the inbox requires archiving it. In most other applications (WhatsApp, Signal, Outlook, etc) archiving usually results in the email being placed in a specific archive folder that isn't readily accessible through the UI. At least not to the same level that normal emails are.by mschild
5/8/2026 at 11:06:48 AM
People in my work and personal life experience do not understand the concept of labels in a Google inbox and misname them folders 100% of the time. Google allows you to drag-n-drop emails "into" labels like you would files in folders conflating the issue even more as the logic to automate this behaviour with a filter isn't leveraged. Even the layout of a default inbox is setup in a way that the average user has difficulty understanding what happens when an email drops off the "front page" of their inbox.by philamonster
5/8/2026 at 12:40:49 PM
They can be nested, the one thing I have never been able to figure out though is how to get alerts of receiving a message while also filing away in a sub folder. You get one or the other in outlook, as a result I rarely check my work email anymore cause I either get the fire hose of spam or miss everything entirety because it's going to a folder and not passing along an alert about a new message.by bitfilped
5/8/2026 at 8:48:28 AM
I partially solve this by using Thunderbird on my laptop. When I get emails on my smartphone (on the Gmail app), they unfortunately all go to the inbox. But the moment I open Thunderbird, it nicely organizes them for me.by GTP
5/8/2026 at 4:24:44 PM
Does Thunderbird have rules? I searched for this and didn't find them.by chopin
5/10/2026 at 7:07:40 AM
Yes, it has filters. Open it's menu (the three stacked lines on the desktop version) and you will find them there.by GTP
5/8/2026 at 8:59:18 AM
I use Thunderbird on both the desktop and Android. Love it.Perhaps Outlook is difficult to configure. Thunderbird is intuitive.
by dotancohen
5/8/2026 at 4:08:40 PM
Yes, every now and then I think I should try it on Android as well, but still have to do it. It would be great if there was the possibility to sync filters across devices, in a similar way of using your Firefox account to sync extensions. Do you know if this is possible?by GTP
5/8/2026 at 8:05:56 PM
I don't think it's possible.by dotancohen
5/8/2026 at 10:42:40 AM
Gmail still has perfectly functional filters that can be set to auto-apply a label and skip the inbox. They may be called "labels" now, but they still function just as they did when the UI called them "folders"by swiftcoder
5/8/2026 at 7:42:11 AM
If a CS graduate can't figure out some simple gmail labels and filters then they should not be awarded that degree. Plain and simple. It's not rocket science.by teiferer
5/8/2026 at 7:54:53 AM
And there are no other students at any college other than CS students? I'm not sure why a biologist or a literature student would need to be au fait with Google's admittedly fairly unfriendly email management setup.by Poacher5
5/8/2026 at 9:22:38 AM
Digital literacy is important to every field. Email filters are not some arcane computer science concept, they are the modern equivalent of filing physical mail into the right folder/pidgeon hole/inbox/whatever.Biology is a great example because of just how important digital record management is to experimentation in the field.
by denkmoon
5/8/2026 at 2:15:51 PM
I don't think you've seen many biology field data sets.by sillywabbit
5/10/2026 at 9:03:32 AM
Many relative to the total set, no. But enough to know writing it down isn’t going to cut it. Most datasets I’ve seen are xls, hdfs or csvs nested many directories deep. Not exactly for those who can’t manage an email filter. Without getting into the processing of it eitherby denkmoon
5/8/2026 at 7:12:02 PM
All biology folks I'm interacting with are juggling excel sheets all day.by teiferer
5/8/2026 at 7:10:15 PM
1. This was a response to a CS professor, so specific to CS students.2. Yes, configuring gmail filters should be doable for anybody with a university degree. It's really not hard.
by teiferer
5/8/2026 at 10:44:13 AM
Most of my students, across all disciplines, don't have basic competence in Word or GDocs, software they've been using for years. It's weeks to teach them how to appy headingsby mold_aid
5/8/2026 at 12:49:30 PM
I feel your pain, and my students are design studentsby Daub
5/8/2026 at 5:48:14 AM
Most graduates aren't really qualified to work anywhere that they couldn't have worked before going to college in the first place.by weird-eye-issue
5/8/2026 at 7:24:32 AM
You mean graduates of US colleges? Not colleges in general. Or non-technical graduates of US colleges?by smcin
5/8/2026 at 10:05:00 AM
I think they point weird-eye-issue wants to make is: Students attend college to become qualified to work.by J-Kuhn
5/8/2026 at 10:09:13 AM
I think you completely misread my comment.by weird-eye-issue
5/8/2026 at 10:18:34 AM
I understood your comment perfectly fine. I'm asking which graduates of which colleges you were referring to. It looked like you were generalizing about US HS and colleges. If so, plenty of other countries' HS and college education systems work better, so your comment doesn't extend.by smcin
5/8/2026 at 11:38:21 AM
> I understood your comment perfectly fine. I'm asking which graduates of which colleges you were referring to.They are referring to MOST graduates of MOST colleges. This is a deliberate overgeneralization about the nature of post-secondary education meant to highlight how it's frequently viewed solely in terms of completion rather than with regards to any skills or knowledge gained from it.
by froggit
5/8/2026 at 11:20:53 AM
I didn't even reply to you.by weird-eye-issue
5/8/2026 at 12:17:58 PM
I'm not confused.Your comment stated that college doesn't add much to a person's employability. (If you had wanted to be less obfuscatory, you could simply have said "a [HS] education is already adequate qualification for many jobs; college doesn't add much").
That was your claim. (I don't think your claim is correct of many OECD countries' colleges, but it was the claim you made.)
You then replied to J-Kuhn to say that they had misunderstood your comment by (mis)paraphrasing it as "Students attend college to become qualified to work."
by smcin
5/8/2026 at 12:33:33 PM
It's a little weird how I ignored your comment and replied to somebody else and then you felt the need to reply to me again and againby weird-eye-issue
5/11/2026 at 11:52:24 AM
Not really. The comment of yours that started the lack of clarity is this double-negative, and 0/2 of us who responded to you here found it useful:> Most graduates aren't really qualified to work anywhere that they couldn't have worked before going to college in the first place.
The double-negative could be read both ways: "Most HS grads aren't really qualified to work anywhere and college doesn't add much" or "a [HS] education is already adequate qualification for many jobs; college doesn't add much". So we apply Occam's razor and since the [U-5] unemployment rate for [US] HS grads is << 50%, conclude you meant the former. But the comment was still needlessly obfuscation. Even if we assume which country and education system you were talking about.
Conversely, it's a little weird how I ignored your lack of clarity and didn't point it out so starkly, then you reduce the interaction to this ping-pong. I don't intend to overflow the stack on this.
by smcin
5/8/2026 at 1:14:45 PM
I used LaTeX as a ugrad, it’s not that hardby lokar
5/8/2026 at 1:40:38 PM
you're at the other end of the spectrum; unless you get work in academia this is not an advantange.by skeeter2020
5/8/2026 at 1:45:57 PM
I use it to filter recruiters, if they can’t accept (a well typeset) PDF résumé, and insist on Word I know to skip them.by lokar
5/8/2026 at 2:56:51 PM
They only ask for Word because they plan to edit it to remove your contact info. Or worse.by trollbridge
5/8/2026 at 4:26:22 PM
So are you getting a lot of offers this way? Anyway, I admire your dogma.by recursive
5/8/2026 at 7:32:14 PM
Well, I’m retired now. I only had 4 jobs after finishing my BS.by lokar
5/8/2026 at 1:30:55 PM
Congratulations on your competence.by recursive
5/8/2026 at 2:12:15 PM
It's not even standard in academia.by sillywabbit
5/9/2026 at 5:08:36 AM
Depends on the discipline. I never hear of mathematicians using anything else.by poopmonster
5/8/2026 at 2:35:51 PM
You know that most students aren't computer science majors?Have you met the average community college student who doesn't even own a laptop but does all of their work on their phone? Gmail doesn't even allow you to create or manage filters from their phone app or mobile web interface.
by crazygringo
5/8/2026 at 6:10:21 AM
I have been using email for as long as email was a thing and I still managed to blackhole important emails with filters not too long ago.by fooker
5/8/2026 at 7:13:20 AM
> What are they learning?Exactly what is in their field of study, nothing more. That's a huge part of the problems created by treating academia as a degree mill mandatory to get a job able to feed yourself instead of a place only for those truly interested in actually studying a subject.
by mschuster91
5/8/2026 at 7:20:19 AM
Most people who have office jobs don't know how to do this eitherby emodendroket
5/8/2026 at 5:47:36 AM
Most managers I've met, struggle with setting up email filters, and have to ask tech support to do it for them. These students will be qualified just fine.by shakna
5/8/2026 at 6:02:46 AM
I'd hope/assume that any Computer Science students would be able to do this, but most Biology/Education/English/Art students probably couldn't.I mean, anyone smart enough to attend university could probably figure it out if they really wanted to, but there are hundreds of other useful things that they could learn too. There are only so many hours in the day, and given that most students don't get that many emails, I can hardly blame them for not wanting to prioritize learning how to filter emails.
(I personally have over a hundred lines of Sieve filters, but I'm definitely not a typical student)
by gucci-on-fleek
5/8/2026 at 1:24:12 PM
Biologists should be more qualified than most to classify and tag email specimens.by jameshart
5/8/2026 at 1:52:35 PM
This is a brilliant reply. I shook my head at the original and laughed hard at your perfectly reasonable question.It reminds me of an old joke my father used to say about jobs with virtually no interview (fast food, etc). He called it "The Mirror Test", as in if you hold a mirror up to the person, does it fog up? If yes, you are hired!
by throwaway2037
5/8/2026 at 12:18:13 PM
> What are they learning?Are you suggesting that outlook wrangling be explicitly taught at the college level?
by BigTTYGothGF
5/8/2026 at 12:19:17 PM
Anywhere. I straight up don’t check my email at work. If people need me they have to teams message me to tell me they emailed me. Don’t have time to sift through all the bullshit generated emails. Jira, GitHub, confluence, servicenow, workday, etc. amounts to an incredible amount of junk I just can’t be bothered with.by u_fucking_dork
5/8/2026 at 8:58:59 AM
>Setting up custom email filters is beyond the capabilities of most students?Yes. And most of the general population. They can do it once they know it exists, most people just are not aware it is a thing at all.
>What are they learning?
Here, their "major" as you say in the US. Someone in econ, biology or even CS is not going to learn Outlook rules. Maybe IT or business will have a sentence on it.
>Where will they be qualified to work?
Any office job. Any job really.
by Scroll_Swe
5/8/2026 at 8:24:15 AM
In my experience, it’s hard enough to make students check their school email in the first place. Let alone filter it.by setopt
5/8/2026 at 1:17:34 PM
As a ugrad, and later a PhD student teaching, everything is explained the first day. If you can figure it out you just fail the class (or go to office hrs to get help, etc).by lokar
5/8/2026 at 6:42:35 PM
As an associate professor, I do explain things the first day, but I am certainly not permitted to fail students as a consequence of not checking their email daily.Even if they didn’t hand in an assignment at all, without any reason provided, I’m required by regulation to offer them a second chance to pass that assignment.
The students’ rights are quite strong here (Northern Europe), which I generally support, but it has some downsides.
by setopt
5/8/2026 at 7:30:57 PM
Interesting. I remember very strict rules on turning in programming assignments (as a student, and later TA). On time, printed properly, in a specific envelope, labeled as specified in the right location.by lokar
5/8/2026 at 8:12:37 AM
it's MS software, i think it's inanely difficultby throawayonthe
5/8/2026 at 12:36:21 PM
Didn't you hear? Chat apps and iMessage (SMS included) is the new email.Delete
Delete and Report Spam
by butlike
5/8/2026 at 2:54:25 AM
Students having records of what their score was doesn't prove to the professor / university what score they received. "FWD: Exam 1 Results" is not especially auditable.by e28eta
5/8/2026 at 2:59:50 AM
If only we had some way of signing messagesby lacunary
5/8/2026 at 12:58:50 PM
The technology isn't there yet (。•́︿•̀。)by ykonstant
5/8/2026 at 1:13:15 PM
Though in a case like this attackers would likely revoke (or publish) the private key.by brookst
5/8/2026 at 1:15:14 PM
Ah, perhaps we could put it on the blockchain! /sby JeremyNT
5/8/2026 at 3:47:26 AM
> Students having records of what their score was doesn't prove to the professor / university what score they receivedIt's better than nothing. (And good training for the real world.)
Also, most universities (and many schools now) issue academic e-mail addresses to students. In those cases, the email is definitive proof.
by JumpCrisscross
5/8/2026 at 3:58:57 AM
DKIM signature could be used to verify that Canvas' server sent the email with the given contentby AmblingAvocado
5/8/2026 at 10:54:36 AM
Good luck having people forward an email a) with headers and b) in a way that doesn't break the signature...by nbernard
5/8/2026 at 4:18:02 AM
And who exactly do you think is going to verify 100s of thousands of emails this way dude?by tempaccount5050
5/8/2026 at 4:31:09 AM
A computer?by bravura
5/8/2026 at 11:34:17 AM
Emails from Canvas saying a grade is available do not currently include the actual grade in the email, so that would have to be implemented first. And it's probably not implemented quite intentionally because of FERPA.by hoppyhoppy2
5/8/2026 at 3:06:19 AM
As opposed to a screenshot of a website? Presumably the professor has a spreadsheet of all assignment grades that is submitted to the school?by gruez
5/8/2026 at 3:47:47 AM
> Presumably the professor has a spreadsheet of all assignment grades that is submitted to the school?This would undermine Canvas's lock-in.
by JumpCrisscross
5/8/2026 at 4:29:52 AM
Canvas is built to automatically export its gradebook to an external system. It will do that automatically every day if you want it to. Teachers or others can manually export to the configured foreign system on demand. So if you grade something and want it to show up in the foreign gradebook without waiting for the daily export, you can just press the button to make it happen right away.by freeopinion
5/8/2026 at 4:18:44 AM
i cannot believe how much benefit of the doubt people are giving canvased tech is the WORST performing VC sector
the ONLY game in that town is vendor lock-in! are people joking?
c'mon, canvas is a huge piece of shit. the SaaSpocalypse is coming for them - it seems it is simply that LLMs will be used to exploit it first, rather than universities writing an open alternative they share with each other for free.
by doctorpangloss
5/8/2026 at 4:57:32 AM
Canvas is AGPL licensed. Moodle is GPL. Universities or anyone else can already contribute to big name LMS.Canvas is used by Harvard, MIT, Stanford, Carnegie Mellon, CalTech, etc. If they each paid 10 FTE, they could set up a foundation that could govern the development of a top-tier LMS. Every tier-1 state institution could contribute 5 FTE. Even little JuCos could chip in an employee here and there. You'd pick up hundreds of capable employees at a fraction of what those schools currently pay to Instructure.
by freeopinion
5/8/2026 at 5:18:44 AM
How well has this worked for Open edX?by freeopinion
5/8/2026 at 7:55:14 AM
Why do they all pay for it then? Seems pretty universal in the UK too. Is it having the benefit of someone to blame when things go wrong?by gizajob
5/8/2026 at 1:07:55 PM
When the IT department is also the developer of the software, instructors will demand their feature be included in the software: they need a gradebook column that counts as extra credit, missing work, a dropped score, and 40% of the final grade simultaneously, but only for students who email after midnight during finals week.IT department will then build the feature as instructors are high-status and IT is low-status, and they aim to please. The software will collect hundreds of these over time. The institution will accumulate more developers, QA, a11y testers, PMs, instructional design consultants, and more PMs to deal with the instructors. The institution will then move to SAAS solution where the instructor is forced to join Canvas Jira and submit their feature request. A product manager at Canvas will then post to Jira and say thanks for your feature request, we will consider it. Game over.
by bklyn11201
5/8/2026 at 4:39:18 AM
On paper your idea seems obvious. You take a bunch of institutions that actually teach students how to program and have them cooperate to build an open LMS that benefits them all.In reality, universities always spin off anything that looks like it could generate revenue. It is very telling that you can't even get your college transcript from your college. You have to go to (and pay) some third party to get it. Some universities even outsource their "classes" like elderhostel to cruise lines and travel companies.
by freeopinion
5/8/2026 at 4:42:40 AM
> rather than universities writing an open alternative they share with each other for freeThat already exists [0], and is actually reasonably popular.
> the SaaSpocalypse is coming for them - it seems it is simply that LLMs will be used to exploit it first
I doubt it, because enterprise sales has nothing to do with how good your product is, how expensive it is, how easy it is to administer, how secure it is, etc.; it only depends on how good you are at enterprise sales. I mean, my university is Oracle-based, and I'm pretty sure that you could get 3 random undergraduates to write something better, so I don't think that LLMs writing better/cheaper software will make any difference here.
[0]: https://moodle.org/
by gucci-on-fleek
5/8/2026 at 3:26:29 AM
Nope! We're encouraged to keep all that exclusively in canvas. (As noted, I have my own spreadsheet. But I'm an outlier.)by blahedo
5/8/2026 at 4:37:35 AM
Presumably the system will be back up eventually, so there's not much benefit to lying here, since at best you'll raise your grade in a few classes for a couple months, while taking on a pretty big risk of getting caught.by gucci-on-fleek
5/8/2026 at 3:03:37 AM
You forget things can be signed, with the key owned by the school. It can be done.by pishpash
5/8/2026 at 3:30:25 AM
Does signing really make this easily auditable from the professor’s perspective?by SlightlyLeftPad
5/8/2026 at 3:44:05 AM
Exactly this, when was the last time a HN user had to interact with the prototypical 60-year-old set-in-their-ways professor?Extremely non-tech savvy, hates computers, and is gonna grumble "What the hell is a PGP? Better not be another one of those phone code things." as you try to pitch this highly-technological solution to a largely niche problem domain.
by DaSHacka
5/8/2026 at 4:09:33 AM
They don’t even need to not be tech savvy. This stuff just registers as “hassle” to most people so they do the bare minimum or search for ways to not deal with it at all. It’s easy to “tut tut” at them but ultimately we need to accept reality: privacy, security, these things take extra effort that isn’t strictly necessary for people to go about their daily lives even though the stakes can be super high. It’s not a problem until it is, so they aren’t really barriers that require people to do the work. It’s like convincing someone who just simply doesn’t want to go out and buy/install a lock on their door to go do it, except it’s not even a one-time thing. Their door works fine. They can come and go as they please. It’s not until something happens that they maybe change their tune (and even then!)Hell just getting people to do secure passwords is a whole thing.
by Forgeties79
5/8/2026 at 6:03:58 AM
I mean a cloud based learning management system also seems to be a very technological solution to the very old problem of checks notes grading quizzes?by jazzyjackson
5/8/2026 at 3:20:13 AM
Makes me glad I've always avoided doing my work on web platforms. When we used to have to make presentations in Google Slides I used to do them in Org-mode, then export to Sheets. I still have all those assignments sitting on my disk. Sure, there's versions of them on Google Drive, but I always make sure that the canonical version is the one on my disk.by MarsIronPI
5/8/2026 at 3:35:49 AM
>It’s so simple to send an e-mail to the student ...What seems easy on hobby projects gets way more difficult at scale. Source: experience.
by moralestapia
5/8/2026 at 10:04:33 AM
For what they charge for these LMSs, they should definitely be able to sent some emails.by Hendrikto
5/8/2026 at 1:15:40 PM
No concerns about privacy or regulatory considerations that might vary by jurisdiction? Just yolo it and deal with breech later?by brookst
5/8/2026 at 8:22:07 PM
> They don’t do it, because they want to control the data.Ironically, this incident shows they don’t have control of anything.
by bartread
5/8/2026 at 2:55:35 AM
I work in the Education sector as IT. We don't know much else either.Everything we know has come from reddit threads / hackernews threads. There has been 0 official communication today indicating this was an attack, yet the login page was defaced by ShinyHunters.
by rupx
5/8/2026 at 8:12:58 AM
Just to add one more data point, we also use Canvas at my university. The deadline for submitting who are eligible (i.e. passed compulsory assignments and labs) to take the exam was yesterday, and I couldn’t meet that deadline because Canvas went down. I usually do corrections offline so I have backups of my own evaluations, but these are courses with many teachers and many TAs, so Canvas is the way we sync our assessments.by setopt
5/8/2026 at 8:52:55 AM
I guess what surprises me the most is that it’s even legal for schools to outsource the core of what they do to some random tech company.Either way, they were under no obligation to adopt this garbage technology regardless of whether it’s available, so this is 110% on them.
by p-e-w
5/8/2026 at 1:32:13 PM
I’m sorry… is your view here that you can’t believe it is legal for a school to purchase software or pay someone to host software for them?You are aware that you are posting on Hacker News, a forum for people who make their living selling software and the expertise to host it?
by jameshart
5/8/2026 at 9:48:31 AM
The alternative would be that each school develop their own platform for this, which also isn't very good use of their time and money?Edit: No idea why this was down voted so much. I'm not defending Canvas, just wondering what the alternative would be.
by matsemann
5/8/2026 at 12:47:01 PM
> The alternative would be that each school develop their own platform for thisI worked at a university which did exactly this, in the UK.
It was a bespoke platform which integrated incredibly well with the rest of the systems the university used because it was designed from the ground-up to meet the institution's needs, there were regular user groups involving academics to understand what features needed to be built/worked on etc. At one point it was all OSS on GitHub too, in case other universities could've found it useful. It handled plagiarism detection (integrating with Turnitin), marking, exam grids, coursework submissions and feedback, seminar allocations, personalised timetables & mitigating circumstances.
The in-house dev team was vastly cheaper than anything SaaS would've cost, as well. It also maintained software for on-campus parcel deliveries, online exams, opinion surveys, a mobile app for students/staff, the SSO system, the course catalogue, car parking permits, a content management system and more.
by lol768
5/8/2026 at 1:31:43 PM
That sounds like a dream.My (also UK-based) university has been working on a new student records management project for years that's been incredibly ill-fated. It's destined to replace all their current systems and the first module module was meant to launch last year, except it thoroughly failed testing and nobody has heard anything about it since.
No idea how long it'll take to pull through. I don't believe it's an in-house effort.
by akpa1
5/11/2026 at 6:20:58 PM
In-house bespoke software sounds reasonable, and multi-customer SaaS sounds reasonable, but outsourced bespoke software sounds like a complete dumpster fire:End users who report problems:
* are ok with IT level 1 telling them IT level 3 is working on it with velocity appropriate to keep their jobs,
* are ok with IT level 1 telling them ${vendor_of_well-known_solution} is working on it with velocity appropriate for many customers, but
* are not ok with IT level 1 telling them ${vendor_of_bespoke_solutions} is working on it with velocity appropriate for one customer (if they even still exist).
by hunter2_
5/8/2026 at 1:52:02 PM
This sounds like a great opportunity for students to gain hands on experience with real software engineering work as well.by jcgrillo
5/8/2026 at 10:30:47 AM
They do not need to develop it, but host an existing software on their infrastructure maybe...by master-lincoln
5/8/2026 at 2:20:21 PM
The alternative could be to self host.https://github.com/instructure/canvas-lms/wiki/Production-St...
Or maybe consider not following the herd, and use a much simpler but sufficient system that can be self hosted, if available.
by tejohnso
5/8/2026 at 10:05:15 AM
The alternative is FOSS.by Hendrikto
5/8/2026 at 10:31:02 AM
Seems like instructure canvas is FOSS: https://github.com/instructure/canvas-lms/tree/masterby master-lincoln
5/8/2026 at 11:10:21 AM
If your line is GPL rather than AGPL there's Moodle.But you do then have to have a sysadmin capable of managing an enterprise grade LAMP stack.
by philipwhiuk
5/8/2026 at 10:48:12 AM
Canvas already is AGPL, though?by matsemann
5/10/2026 at 11:34:30 AM
So it can be used by multiple universities who share the maintenance. That is my point: Not everybody has to develop their own.by Hendrikto
5/8/2026 at 12:37:44 PM
Um. This is the forum for an industry that outsourced its entire core of what they do to Microsoft (GitHub).by dboreham
5/8/2026 at 2:38:13 PM
> I've never liked or trusted Canvas's gradebook, and so although I do upload grades to Canvas so students can see them, my primary gradebook is always a spreadsheet I maintain locally.That makes you one better than me. :( One thing's for sure--I'm never trusting it again.
I already had almost all my materials outside of Canvas and just used their API to upload it. So at least that's safe. But the grades... dang. Luckily we're only halfway through our quarter and it's not finals week.
Our instance is still down, but your update gives me hope.
by beej71
5/8/2026 at 11:19:40 AM
> “My gut feeling on this is that this is either resolved in hours (they have airgapped backups and can be working as soon as they can spin up new servers)”What good is having airgapped backups and spinning them up, if they are instantly vulnerable to the same attack again?
It does depend on what the attack is, but how do people approach that scenario?
by jodrellblank
5/8/2026 at 12:45:22 PM
That's an interesting question and one I'd like to know an answer to as well.by butlike
5/8/2026 at 7:32:03 AM
To my European ears this just sounds like a disaster like this waiting to happen. God bless the annoying privacy OSS advocates and bureaucrats, I guess.by camillomiller
5/8/2026 at 12:51:36 PM
As someone else in the thread pointed out: Canvas is in fact open source, or at least source available on Github. And it's used all over the world, not just in the USA.by gwerbin
5/8/2026 at 2:06:50 PM
Canvas is back up as of Friday US morning for me (HS student's parent). My kid got a few panicked emails yesterday from the teachers but it looks like Instructure got it resolved quickly.Canvas does provide a lot of value (all courses, teachers', students', and parents' contact information, all learning plans, schedules, room numbers, all grades, a lot of tests and assignments themselves, all upcoming assignments and deadlines, a lot of other coursework is in there, as are the final grades) but it shows that with external SaaS you might be one attack away from not only losing all that convenience but also in a world of hurt 'cause you lost all the data and now have to figure out how to proceed without the data and the system.
US high schools are in the middle of the finals, and seniors are getting ready for college (the transcripts to be finalized and sent out in a few weeks) so that was a scary timing.
by drillsteps5
5/10/2026 at 2:14:16 AM
Instructure got their systems back up but they but their handling of that student data is unacceptable.by F7F7F7
5/8/2026 at 2:45:07 AM
Backups are definitely helpful in ransomwares, but before systems can be restored and brought back online, victim organizations still need to assess the scope of the breach, find the initial access vector, identify compromised accounts, and evict the threat actor. That can take time.by jonstewart
5/8/2026 at 2:57:11 AM
I’m not certain, but it appears you’re giving Instructure a pass here, as if this is the first time they were hacked. But, it’s the second, by the same group.As a parent of kids who are impacted by this, I’m not super concerned about the data being held for ransom, but I sure as fuck am concerned about how much it’s going to cost the district to move to another provider.
by garciasn
5/8/2026 at 3:49:08 AM
> I sure as fuck am concerned about how much it’s going to cost the district to move to another providerDoes Canvas have cybersecurity insurance?
by JumpCrisscross
5/8/2026 at 3:48:55 AM
Not at all; standard IR procedure is scope -> containment -> eradication -> recovery. There is a fog right now; we don't know all the details. It seems to me that it's just as likely they weren't fully kicked out before or that the initial vulnerability wasn't remediated. You can't recover until the threat actor has been removed.by MattSteelblade
5/9/2026 at 2:30:52 PM
I don't have an opinion on Instructure (except as a parent generally hating the overall app-ization of education; fortunately our district switched away from Canvas a couple years ago), their cybersecurity posture, or this particular event. My only point is that even if backups exist, working through a ransomware attack often takes time.Also, ransomware gangs often exfil the data and threaten to release it if the ransom is not paid--blackmail, of a sort. It depends on the company and the data set whether this is effective as a tactic. But when it is, backups don't help.
by jonstewart
5/8/2026 at 2:55:39 AM
Maybe a hybrid approach. Scramble to create a final exam/project and give them the option to do pass/fail or a real grade, their choice.And then wish for the death of saas and a day where you can deploy your own software you can control and modify as you need.
by dumbfounder
5/8/2026 at 3:20:03 AM
What is the strategic response then? Assuming I'm a student and my grades are gone, and I want to graduate, shouldn't I pick pass/fail?Does a future employer look at pass/fail vs the grade? do they care? Are there even jobs that matter enough to care out there for them?
This seems like, solving the problem but without actually seeing the broader goal or trajectory education is supposed to follow.
by Avicebron
5/8/2026 at 5:45:02 AM
Most jobs I've had didn't care about a transcript in the slightest. It matters for future education and a small selection of jobs, and even them a few pass/fail courses won't cause any issues. It's not great if important, major-specific coursework is pass/fail, but usually you're not allowed to do that, so when it does come up you'll just have somebody ask what absurd situation (like this canvas thing) caused it.by hansvm
5/8/2026 at 6:29:03 PM
> Does a future employer look at pass/fail vs the grade?I don't know for a fact how pass/fail is treated by employers, but there are indeed some that look at your college GPA even 10+ years after you graduated. I suspect they don't care about the specifics of how your overall GPA was derived though, so pass/fail likely doesn't matter (unless you did really well and expected the grade to boost your GPA, and then pass/fail essentially does nothing to the GPA, thus kinda eliminating the GPA boost).
I got asked for my undergrad GPA (I graduated ~10 years ago) more than once over the last year by some finance/quant firms.
As for whether "do those jobs even matter enough," I guess it is more of a personal subjective take. I found the work that the people at those companies did (and the problems they solved) to be very interesting and challenging, I found the people working there to be extremely sharp, smart, and genuinely nice to interact with (which is an ideal work environment for me), and I found the total comp to be great. Honestly, I cannot think of much more to ask from an employer.
by filoleg
5/8/2026 at 8:08:18 AM
> day where you can deploy your own software you can control and modify as you need.Canvas is mostly FOSS
by flexagoon
5/10/2026 at 2:14:53 AM
Good luck trying to stand up something usable.by F7F7F7
5/11/2026 at 4:22:34 PM
You cant really do that in lots of cases. What grounds the grade is from is in many cases set in stone.by fastasucan
5/8/2026 at 10:48:16 AM
Universities are not going to write their own software, and no they can’t use ‘agents’ to write and maintain it for them either.by grey-area
5/8/2026 at 12:18:15 PM
It's somewhat ironic... if a University's CS department was charged with developing and maintaining the system, what an awesome learning tool it would be. CS students would maybe even be invested in the outcome by having to eat their own dogfood and then really appreciate it what it's like in the real world.by morning-coffee
5/8/2026 at 12:48:30 PM
We can see what that looks like in PLATO, which started in the 1960s. https://en.wikipedia.org/wiki/PLATO_(computer_system) ."Courses were taught in a range of subjects, including Latin, chemistry, education, music, Esperanto, and primary mathematics. The system included a number of features useful for pedagogy, including text overlaying graphics, contextual assessment of free-text answers, depending on the inclusion of keywords, and feedback designed to respond to alternative answers."
"PLATO III allowed "anyone" to design new lesson modules using their TUTOR programming language, conceived in 1967 by biology graduate student Paul Tenczar."
"The largest PLATO installation in South Africa during the early 1980s was at the University of the Western Cape ... For many of the Madadeni students, most of whom came from very rural areas, the PLATO terminal was the first time they encountered any kind of electronic technology. Many of the first-year students had never seen a flush toilet before. There initially was skepticism that these technologically illiterate students could effectively use PLATO, but those concerns were not borne out. Within an hour or less most students were using the system proficiently, mostly to learn math and science skills, although a lesson that taught keyboarding skills was one of the most popular. A few students even used on-line resources to learn TUTOR, the PLATO programming language, and a few wrote lessons on the system in the Zulu language."
The full PLATO system included grade books, attendance tracking, and class scheduling, as I recall. Perhaps a University of Illinois alum can say more.
I would really like to know how much more useful the current systems are over, say, PLATO in 1992, when evaluated for pedagogy and course management benefits.
by eesmith
5/8/2026 at 1:30:48 PM
It would be amazing and a great teaching tool, BUT the vast majority of universities don't have the money or IT departments to keep such a thing running. So the idea is a non-starter at most institutions.by grey-area
5/8/2026 at 1:38:29 PM
CS != Software EngineeringI had a lot to learn about actually developing software after I finished my CS degree.
by SoftTalker
5/8/2026 at 10:03:43 AM
All these articles listing the American schools affected, "nationwide" outage reported, meanwhile hundreds of millions in the rest of the world affected.Does anyone have a list of affected schools?
by apublicfrog
5/8/2026 at 10:13:48 AM
I don't have a list, but I can tell you the University of Iceland is affected.by isakmarr
5/8/2026 at 12:33:35 PM
> And if that's true and we wake up tomorrow with this unresolved, I really have no idea what a lot of professors at my university and across the country are going to do to submit grades that are fair and reasonableI have an idea for the midterm (pun intended): Maybe don't jump feet first into the deep end of a single point of failure going forward.
by butlike
5/8/2026 at 3:05:04 PM
Think they will end paying the ransom quietly.by roody15
5/8/2026 at 4:31:39 PM
100%, else goodluck with the lawsuit coming from the students, as the schools are the one liable for not securing their system.by addedGone
5/8/2026 at 3:02:05 AM
> let classes that normally count for a grade just submit grades as pass-fail. Because what else can you do?Schedule a single exam and that's your grade for that subject? That's how it should work anyway, credits for work during semester (or worse attendance) are not needed to evaluate if someone learned the material, give them an exam and done.
by vasco
5/8/2026 at 5:58:43 AM
That's just bad outdated practice. It leads to cramming and less remembering than of the demand is for students to do work and show learning and effort throughout the year.by goobatrooba
5/8/2026 at 9:51:13 AM
Most courses I've taken have obligatory assignments that are pass/fail, and you have to pass a certain amount during the semester to take the final exam. But the grade is determined entirely of the final exam.Which to me seems the best way, you still have to learn throughout the year. Especially to avoid cheating this works nice. And as an aside, most people I know that did a year abroad in the US got 1-2 grades higher, as it was quite easy to just farm extra credits.
by matsemann
5/8/2026 at 7:51:27 AM
It has been my observation that most of the better students were the ones who would not put in work during the semester/year and cram at the end.by sayamqazi
5/8/2026 at 5:10:55 PM
Who is doing the work though, the student, chatgpt or claude?by fastasucan
5/8/2026 at 3:29:52 AM
That's maybe something a school can do if exams are next week, or after.At my school, tomorrow is the last day of exams. Most of the students have left campus. There's no time or mechanism to schedule an(other) exam.
by blahedo
5/8/2026 at 3:05:40 AM
Exams have performance variance. Otherwise you're only getting a pass/fall signal in any case.by pishpash
5/8/2026 at 12:59:21 PM
Grading assignments just punishes people that don't cheat on their homework. It's worse than worthless, it actively helps the worst students.by aianus
5/8/2026 at 3:24:18 AM
Exams are the only fair way to evaluate if someone knows something (written or oral, in person). Take homes and attendance are just window dressing.by vasco
5/8/2026 at 12:56:54 PM
That feels like a poor statistical evaluation. Why not test along the way with progressive complexity/depth?Using attendance is a carrot to get students to show up, which leads to better learning outcomes overall - which should be the goal.
by Nagyman
5/8/2026 at 6:38:14 AM
Then you're testing how good someone is at exams as much as anythingby scubadude
5/8/2026 at 3:00:08 AM
> they have airgapped backups and can be working as soon as they can spin up new servers... and assuming they have a documented, tested, and trusted restore process.
by SoftTalker
5/8/2026 at 3:56:47 AM
Reminds me of the incident last year when a South Korean government's server room caught fire, which contained the government equivalent of Google Drive, and the only backup was in the same room, and they all burnt down together.Some data was permanently lost, and then officers told reporters that multi-regional backup was not yet built because it was too hard at such a massive scale... of 858 TB.
by yongjik
5/8/2026 at 6:47:40 AM
> it was too hard at such a massive scale... of 858 TBThere are probably many S3 buckets in existence that are bigger than that.
Not saying that they should've used S3, but it's definitely possible configure multi-regional backup (and a government can afford it).
by selcuka
5/8/2026 at 8:38:37 AM
My home theater setup has more storage than that.by walletdrainer
5/8/2026 at 3:02:11 AM
Ah yes the “recovery” part of the continuity plan. We tested that right? Right?by rayrey
5/8/2026 at 4:20:15 AM
[dead]by aaron695
5/8/2026 at 9:02:25 AM
[dead]by redsocksfan45
5/8/2026 at 9:59:13 AM
[flagged]by ElenaDaibunny
5/8/2026 at 4:30:07 AM
I don't understand what's the panic and doomerism about. Any competent IT team has backups and will be up and running as they go back to a state before the breach. This is HN. I'm disappointed that everyone is talking about losing grades and going back to pen and paper. I don't see how that could happen in 2026.And from the hacker's message itself, it's clear they want money in exchange for not releasing private info, not for the data itself.
Do we live in a fear based culture? Why the panic? Even if everything was hosted on Instructure's infrastructure, it's all AWS. I'd be VERY surprised if there aren't multiple way to go back to a previous state.
Most of the work and delay is to make sure they figure out where the breach occurred.
by copperx
5/8/2026 at 9:52:00 AM
I'm sure you're right. Across tens (hundreds?) of thousands of institutions worldwide, each one is exercising its well-written incident runbook that not only gets updated regularly but also is rehearsed constantly, just in case something like this happens. After all, what university IT department DOESN'T prepare obsessively for the moment when they need to restore all grades on all assignments for all courses from backup and fall over to the backup system for final exam administration in any required format specified by any professor, in the second week of May, on a non-negotiable schedule? There's absolutely nothing to worry about here.by simonreiff
5/8/2026 at 1:19:30 PM
Yep. Thank God we fund school IT so generously, so everyone from Harvard to small state colleges has an absolute top notch IT department, dedicated to best practices, fully resourced to do BC/DR planning and dry runs. This could be a real catastrophe if any schools were under-resourced.by brookst
5/8/2026 at 8:15:10 AM
Schools don't have competent IT teams.Here in the Netherlands a data center's power source (not even the machines) burnt down, data center is offline and University of Utrecht, one of the biggest universities here, is closed. Access passes don't work, work from home environment doesn't work, student information system is down, system for grading doesn't work. No failover for any of them (or maybe it was in the same DC?)
https://nos.nl/artikel/2613485-storingen-in-hele-land-door-b...
by yread
5/8/2026 at 7:21:55 AM
> Any competent IT team has backupsBackups can be sabotaged (turned off or schedules manipulated) or compromised (say, by lateral movement).
> Even if everything was hosted on Instructure's infrastructure, it's all AWS.
AWS Backup isn't foolproof. Get your hands on administrator credentials as an attacker and suddenly the only thing between everything being gone for good and unrecoverable even for AWS is remembering to have put a permanent deletion protection on all resources in AWS Backup.
by mschuster91
5/8/2026 at 10:01:03 AM
Sometimes it is very hard to recover from the offlining of essential systems: https://www.bbc.co.uk/news/articles/cy9pdld4y81o (Jaguar Land Rover, estimated cost in the billions)by pjc50
5/8/2026 at 11:04:22 AM
I fully agree. What really pisses me off is that these "hacker" groups always spout off how they are doing it to screw the man but then threaten the average person. Millions of them. It just goes to show how uneducated, low-class, and simple these people really are.by belabartok39