Saturday, May 16, 2020


Not knowing who gathered the data means we can’t ensure another batch won’t be coming.
The Unattributable "db8151dd" Data Breach
I was reticent to write this blog post because it leaves a lot of questions unanswered, questions that we should be able to answer. It's about a data breach with almost 90GB of personal information in it across tens of millions of records - including mine. Here's what I know:
Back in Feb, Dehashed reached out to me with a massive trove of data that had been left exposed on a major cloud provider via a publicly accessible Elasticsearch instance.
It's mostly scrapable data from public sources, albeit with some key differences. Firstly, my phone number is not usually exposed and that was in there in full. Yes, there are many places that (obviously) have it, but this isn't a scrape from, say, a public LinkedIn page. Next, my record was immediately next to someone else I've interacted with in the past as though the data source understood the association. I found that highly unusual as it wasn't someone I'd expect to see a strong association with and I couldn't see any other similar folks.


(Related) If it is not your breach, who else had your data?
Security Firm claims to have discovered ‘Huge security breach at European Parliament’ that Parliament denies is theirs
Rebecca Nicholson reports:
Yash Kadakia, founder of Security Brigade and Shadow Map, said his group had found a major data breach. The security expert, a self-proclaimed “Code Monkey”, was able to easily access data and passwords from members. After Brussels denied the claims, Mr. Kadakia doubled down and revealed more details of the alleged breach.
This is another one of those cases where a researcher goes public with allegations of a leak or breach while the entity allegedly breached firmly denies any breach. In response to a statement from the European Parliament that they investigated and
can confirm no official accounts or mailboxes of the European Parliament are involved. This information may be related to an old service account of a political group.
Kadakia told the Daily Express a breach had definitely occurred and provided what he considers proof of his claim.
Read more on Express.co.uk. As of the time I’m posting this, I don’t see where this story has really picked up any traction or further assessment in EU news outlets other than those just republishing the Express’s reporting. Nor is there any formal write-up on Shadow Brigade or Shadow Map. Most of the claims appear to be on Twitter in Kadakia’s account. One hour ago, Kadakia posted this update on his timeline:
Update: The issue has been fixed and the portals have been taken offline. I’d love to understand if appropriate GDPR disclosure and incident handling policies are being followed.
So it sounds like somebody did something to lock down the data. But was it the European Parliament? As yet, we do not know.




Perspective.
Media, Regulators, and Big Tech; Indulgences and Injunctions; Better Approaches
From Ben Smith in the New York Times:
[Chairman of the Australian Competition and Consumer Commission Rod] Sims and a like-minded regulator in France, Isabelle de Silva, are challenging a universally accepted fact [??? Bob] of the internet: that Google and Facebook can carry content created by news organizations without directly paying the organizations for creating it. Last month, as the coronavirus put hundreds of publishers out of business around the world, the Australian government instructed Mr. Sims to force the platforms to negotiate payments with newspaper publishers — making it the first country to do so.
I hesitated to write about this article for two reasons: first, I have written on multiple occasions about how the free distribution enabled by the Internet is what hurt the newspaper business, rendering geographic monopolies predicated on owning printing presses and delivery trucks obsolete, dramatically increasing competition for attention even as new platforms predicated on delivering consumers individualized content turned out to be massively superior options for advertisers looking to target individual users. Does it need to be said again?
The second reason, though, works against the first: the sheer number of flat-out wrong statements in this article is so overwhelming that I seriously despair about the long-term effects: unintended consequences are always a concern when it comes to creating new regulation; they are inevitable when regulation is rooted in facts completely unmoored from reality.
Take this paragraph: it is just assumed that Google and Facebook ought to be paying publishers for their content, but any sort of rational evaluation would suggest that money should flow in the opposite direction. Google and Facebook direct traffic to publishers, and in Facebook’s case in particular, that traffic comes from the publishers themselves and their readers placing links on the service. Google does, of course, crawl the web for its search results and for Google News (which it doesn’t monetize), but we already know what happens if Google simply stops crawling publications: they start losing money, and lots of it (more on this in a moment).
Mr. Sims, a pugnacious 69-year-old who has spent much of his career tangling with railroads, ports and phone companies, sees echoes of those classic monopolies in this battle: “The digital platforms need media generally, but not any particular media company, so there is an acute bargaining imbalance in favor of the platforms. This creates a significant market failure which harms journalism and so, society.”




When you ask: If it can do that, can it do this?
THE NEXT WAVE OF AI IS EVEN BIGGER
According to Ellison, the major trends in AI for this year and the near future include those applications building on computer vision, the development of data generation and data labelling algorithms for training AI models, and the rapid progress of natural language processing thanks to transformer-based models.
Let’s take a closer look at Lenovo’s overview of some of the major near-term trends in AI.




Tools for online teachers.
Ten Ways to Use Wakelet
One of the reasons that Wakelet has become popular in schools in the last couple of years is that it can be used for a wide range of activities.
1. Make an online art gallery.
2. Make and share instructional videos.
3. Question/ Picture/ Video of the Day.
4. Organize research.
5. At-home activity collections.
6. Video collections.
7. Archive a Twitter chat.
8. Simple blog or journal.
9. Aspirations board.
10. End-of-year reflections and highlights.




Games for shut-ins.
GTA V Is Now Free on the Epic Games Store
You can now get Grand Theft Auto V for free from the Epic Games Store.
available to download for free until May 21st, 2020.
To grab a copy of GTA V for free, all you need is an Epic Games account, which is also completely free. Once you have set one up, sign in and head over to the Grand Theft Auto: Premium Edition page on the Epic Games Store, where it should be listed as Free.



Friday, May 15, 2020


Predicting a stronger CCPA?
CCPA 2.0 And Where We Go From Here
On May 4th, 2020, Californians for Consumer Privacy confirmed that they had submitted hundreds of thousands more signatures than required to qualify for a ballot initiative. It is still yet unknown whether the Attorney General will qualify the ballot for the November 2020 election, let alone whether it would pass. If the initiative passes, it will be noteworthy for a number of reasons.




Probably not doctor prescribed.
Hungarian Government Suspends GDPR Data Subjects Rights
On May 4, 2020, the Hungarian Government issued a Decree that suspends, during the COVID-19 created state of emergency, the one-month deadline that controllers have under the GDPR to reply to data subject rights requests. The Decree also allows public entities to refuse or suspend freedom of information (“FOIA”) requests in certain situations. The Decree has been heavily criticized by civil society groups and prompted the scrutiny by the European Data Protection Board (“EDPB”).




Like much of what TSA does and says, I don’t get this at all. Sounds like they are going to become a huge surveillance database and start screening people who aren’t currently required to go through TSA screening.
TSA Issues Road Map to Tackle Insider Threat With Artificial Intelligence
The Transportation Security Administration is planning to increase and share information it collects, including that gleaned from employees, with other federal agencies and the private sector in an effort to prevent insiders from perpetrating various harmful malfeasance.
Artificial Intelligence, probabilistic analytics and data mining are among tools the agency lists in a document it issued today loosely outlining the problem and the plan to create an “Insider Threat Mitigation Hub.”
A TSA press release identified three parts of that strategy as “promoting data-driven decision making to detect threats; advancing operational capability to deter threats; and maturing capabilities to mitigate threats to the transportation sector.”
Under the first objective, TSA plans to “develop and maintain insider threat risk indicators,” which could include behavioral, physical, technological or financial attributes that might expose “malicious or potentially malicious” insiders.
TSA pre-empted concerns [Riiight… Bob] usually associated with massive data collection practices by including the protection of privacy and civil liberties among the “guiding principles” it said would accompany its efforts.
[From the “plan”:
For the purposes of this roadmap, we define Insider Threat as the threat that an individual with authorized access to sensitive areas and/or information, will wittingly or unwittingly misuse or allow others to misuse this access to exploit vulnerabilities in an effort to compromise security, facilitate criminal activity, terrorism, or other illicit actions that inflict harm to people, organizations, the transportation system, or national security




I’ll try to pull some of this into my classes. There seems to be a lot to choose from.
Skills for the future start today — new resources for students
Students are natural continuing learners — it’s in their DNA. And to make it easier for them to both acquire and transfer knowledge, Microsoft Learn now has a new home just for educators and students, including our Microsoft Learn Student Ambassadors.



Thursday, May 14, 2020


Forewarned is forearmed.
A Complete List of Coronavirus (COVID-19) Scams
Self – “As anxiety around coronavirus increases, more scammers are taking advantage. While scams can happen any time, many companies are now preying on people’s fear about contracting COVID-19 and the financial uncertainty due to job and income loss caused by the virus, among others. Here’s what you need to know to help protect yourself from scams related to the Coronavirus. In this article:




Not a bad little backgrounder.
What Is a Website Cookie? How Cookies Affect Your Online Privacy




I would have guessed ‘delete.’
New Trends in Data Subject Requests Reveal a Shifting Landscape for CCPA Compliance
US privacy management firm DataGrail has released the findings of its investigation into CCPA compliance, revealing how consumer requests, known as data subject access requests, have shaped up over the course of the first quarter 2020.
The data subject access requests break up into three distinct categories—deletion requests, do-not-sell requests, and access requests.
DataGrail’s study revealed, among other things, that while consumers currently care most about having their data deleted at present, do-not-sell requests will likely become the most dominant privacy request based on early trending data, and play a more significant role for firms seeking to meet CCPA compliance standards.




We already have plenty of examples of “undue reliance.” Why would AI make a significant change?
When machines think for us: consequences for work and place
In a new paper, we argue that the impact of AI on work is not deterministic: it will depend on a range of issues, including place, educational levels, gender and, perhaps most importantly, government policy and firm strategy.
First, we challenge the commonly held assumption that the effects of AI on work will be homogeneous across a country.
Secondly, education matters.
Thirdly, it appears men’s jobs are currently more vulnerable to automation—especially those requiring lower educational attainment, since these tend to be routine industrial tasks amenable to mechanisation.
Fourthly, the consequences of AI on work will depend, crucially, on policy and the firm.




I would like this to be possible, but I’m not sure it is. Can they enforce a law that relies on technologies that do not exist?
France to force web giants to delete some content within the hour
Social networks and other online content providers will have to remove paedophile and terrorism-related content from their platforms within the hour or face a fine of up to 4% of their global revenue under a French law voted in on Wednesday.
For other “manifestly illicit” content, companies such as Facebook, Twitter, YouTube, Instagram and Snapchat will have 24 hours to remove it, according to the law, which sets up a specialised digital prosecutor at the courts and a government unit to observe hate speech online.




Perspective.
Gartner Predicts IT Spending Will Plummet By $300 Billion In 2020 As CIOs Slash Budgets
Gartner says it thinks global tech spending will drop 8% in 2020 based on what it is hearing from tech suppliers and other sources. It’s forecasting that $3.46 trillion will be spent on IT products and services this year by businesses and consumers, down from $3.76 trillion in 2019.
The research firm, which isn’t betting on a rapid V-shaped economic recovery, reckons IT spending in some of the worst hit sectors such as airlines and hotels could take more than three years to rebound to 2019 levels.




Please do not tell my students about this site. I have enough problems understanding them as it is…
This AI makes up words you won’t even find in the dictionary
You'll be absolutely doodlewinkled



Wednesday, May 13, 2020


Do I have your attention now?
Paying the Ransom Doubles Cost of Recovering from a Ransomware Attack, According to Sophos
One of the interesting things I learned this past week at the Privacy+Security Forum Spring Academy was that 75% of a prominent law firm’s clients were able to recover from a ransomware attack without having to pay ransom. I was surprised to hear that statistic, as I would have guessed a higher percentage paid ransom. Their experience, though, is consistent with what is reported in Sophos’ global survey, summarized below in Sophos’s press release:
Sophos, a global leader in next-generation cybersecurity, today announced the findings of its global survey, The State of Ransomware 2020, which reveals that paying cybercriminals to restore data encrypted during a ransomware attack is not an easy and inexpensive path to recovery. In fact, the total cost of recovery almost doubles when organizations pay a ransom.
The average cost of addressing the impact of such an attack, including business downtime, lost orders, operational costs, and more, but not including the ransom, was more than $730,000. This average cost rose to $1.4 million, almost twice as much, when organizations paid the ransom. More than one quarter (27%) of organizations hit by ransomware admitted paying the ransom.
“Organizations may feel intense pressure to pay the ransom to avoid damaging downtime. On the face of it, paying the ransom appears to be an effective way of getting data restored, but this is illusory. Sophos’ findings show that paying the ransom makes little difference to the recovery burden in terms of time and cost. This could be because it is unlikely that a single magical decryption key is all that’s needed to recover. Often, the attackers may share several keys and using them to restore data may be a complex and time-consuming affair,” said Chester Wisniewski, principal research scientist, Sophos.
More than half (56%) the IT managers surveyed were able to recover their data from backups without paying the ransom. In a very small minority of cases (1%), paying the ransom did not lead to the recovery of data. This figure rose to 5% for public sector organizations. In fact, 13% of the public sector organizations surveyed never managed to restore their encrypted data, compared to 6% overall.
“An effective backup system that enables organizations to restore encrypted data without paying the attackers is business critical, but there are other important elements to consider if a company is to be truly resilient to ransomware,” added Wisniewski. “Advanced adversaries like the operators behind the Maze ransomware don’t just encrypt files, they steal data for possible exposure or extortion purposes. We’ve recently reported on LockBit using this tactic. Some attackers also attempt to delete or otherwise sabotage backups to make it harder for victims to recover data and increase pressure on them to pay. The way to address these malicious maneuvers is to keep backups offline, [Is this less obvious than I thought? Bob] and use effective, multi-layered security solutions that detect and block attacks at different stages.”
Source: Sophos




The “Ready, Fire, Aim” school of Management?
The Palm Beach County School District suffers massive pwd breach after second grader hacks them
From the no-one-could-have-possibly-foreseen-kids-figuring-out-default-password-conventions dept., Andrew Colton reports:
The Palm Beach County School District is in the midst of a massive computer security crisis that draws into question the authenticity of every assignment completed by every student since “distance learning” began, after BocaNewsNow.com learned that an elementary school student hacked the school district’s password system.
We are not revealing the password convention that is used in the school district, but the second grader’s — you are reading that correctly, the second grader’s — hacking resulted in an emergency login change for “live” morning meetings in several elementary schools last week. It did not result — yet — in a district-wide reassignment of student passwords for the School District’s “Portal” which provides access to Google Classroom.
Read more on Boca News Now.
[From the article:
Later Monday evening, the School District confirmed that elementary school students are not permitted to change their passwords. A spokesperson said that may change this week as a result of the massive password compromise.




Interesting, but hard to summarize. Worth reading.
Naomi Klein: How big tech plans to profit from the pandemic




Perspective. The new “post-pandemic” normal?
Twitter Will Allow Employees To Work At Home Forever




Politicians take note! A more approachable spokesman?
Spongebob Can Now Narrate Your Writing
Fifteen.ai is a proof of concept web platform that allows you to make various characters from different pieces of media repeat what you write. The site, funded by MIT, has served over 4.2 million audio files which are the output of different characters speaking out the text the users have requested.




Type cursive in your own handwriting?
How to Turn Your Handwriting Into a Font
In this article, we’ll show you how to make your handwriting a font with Calligraphr for free. You can add letter variants for a natural style, adjust the alignment and spacing, and even export the end product as a standard font format. And it only takes ten minutes.
To get started, head to the Calligraphr website and click the Get Started For Free button to create an account. There’s no need to upgrade to a Pro account unless you want more than two variants or ligatures.



Tuesday, May 12, 2020


Someday we will take the time and spend the money to secure our elections. Someday…
DHS memo: 'Significant' security risks presented by online voting
The Department of Homeland Security has told election officials and voting vendors that internet-connected voting is risky to the point that ballots returned online “could be manipulated at scale” by a malicious attacker.
The advisory that DHS’s Cybersecurity and Infrastructure Security Agency sent states on Friday is perhaps the federal government’s sternest warning yet against online voting. It comes as officials weigh their options for conducting elections during a pandemic and as digital voting vendors see an opportunity to hawk their products.


(Related)
Putin Is Well on His Way to Stealing the Next Election




SO, if the dog finds drugs they can’t say, “good dog?”
Tim Cushing writes:
This case, via FourthAmendment.com, is an amazing anomaly. Not only did the court choose to hear from experts on drug dog training and handling, it actually went so far as to call into question the reliability of every drug dog in the state.
The suppression order [PDF] contains a subheading rarely seen in federal court decisions:
A. The court has serious concerns about Tank’s training and reliability.
Tank is Officer Moore’s drug dog. Officer Moore handled the training in accordance with Utah’s Peace Officer Standards and Training (POST) guidelines. Unfortunately, those guidelines do nothing to prevent officers from turning drug dogs into subservient partners with a desire to please and a willingness to respond to handler cues.
Read more on TechDirt.




Does this lower the threshold of acts of war?
The Importance of New Statements on Sovereignty in Cyberspace by Austria, the Czech Republic and United States
A recent United Nations event gave States a new opportunity to announce their positions on how international law applies to cyberspace, and those of Austria and the Czech Republic stood out. The United Nations Open-ended Working Group on developments in the field of information and telecommunications in the context of international security (OEWG) held its second substantive session February 10-14. In their statements, both States took firm positions in the ongoing debate concerning whether sovereignty is merely a principle, or also a rule of international law, with both supporting the latter view by recognizing the existence of an independent obligation to respect sovereignty in cyberspace.
The Austrian representative stated (from 2:40:10 in this webcast, reaffirmed here, p. 3):
Austria has recently been the target of a severe cyber operation. In that context, we would like to refer to the principle of state sovereignty. A violation of this rule constitutes an internationally wrongful act – if attributable to a state – for which a target state may seek reparation under the law of state responsibility. A target state may also react through proportionate countermeasures.




Covid-19 has changed everything. Can we un-change things?
AI, Robots, and Ethics in the Age of COVID-19
Before COVID-19, most people had some degree of apprehension about robots and artificial intelligence. Though their beliefs may have been initially shaped by dystopian depictions of the technology in science fiction, their discomfort was reinforced by legitimate concerns. Some of AI’s business applications were indeed leading to the loss of jobs, the reinforcement of biases, and infringements on data privacy.
Those worries appear to have been set aside since the onset of the pandemic as AI-infused technologies have been employed to mitigate the spread of the virus. We’ve seen an acceleration of the use of robotics to do the jobs of humans who have been ordered to stay at home or who have been redeployed within the workplace.
After a vaccine for COVID-19 is developed (we hope) and the pandemic retreats, it’s hard to imagine life returning to how it was at the start of 2020. Our experiences in the coming months will make it quite easy to normalize automation as a part of our daily lives. Companies that have adopted robots during the crisis might think that a significant percentage of their human employees are not needed anymore. Consumers who will have spent more time than ever interacting with robots might become accustomed to that type of interaction. When you get used to having food delivered by a robot, you eventually might not even notice the disappearance of a job that was once held by a human. In fact, some people might want to maintain social distancing even when it is not strictly needed anymore.




No worries! By the time we’ve experienced a couple of dozen pandemics, AI will catch up.
Our weird behavior during the pandemic is screwing with AI models
In the week of 12 to 18 April, the top ten search terms on Amazon.com were: toilet paper, face mask, hand sanitizer, paper towels, lysol spray, clorox wipes, mask, lysol, masks for germ protection, and n95 mask. People weren’t just searching, they were buying too—and in bulk. The majority of people looking for masks ended up buying the new Amazon #1 Best Seller, “Face Mask, Pack of 50”.
When covid-19 hit, we started buying things we’d never bought before. The shift was sudden: the mainstays of Amazon’s top ten—phone cases, phone chargers, Lego—were knocked off the charts in just a few days.
But they have also affected artificial intelligence, causing hiccups for the algorithms that run behind the scenes in inventory management, fraud detection, marketing, and more. Machine-learning models trained on normal human behavior are now finding that normal has changed, and some are breaking as a result.




What have I ever done to amuse or anger the Turkmen?






Monday, May 11, 2020


Is China afraid we won’t share information on a cure? Perhaps they want to file their patent first?
U.S. to Accuse China of Trying to Hack Vaccine Data, as Virus Redirects Cyberattacks
The F.B.I. and the Department of Homeland Security are preparing to issue a warning that China’s most skilled hackers and spies are working to steal American research in the crash effort to develop vaccines and treatments for the coronavirus. The efforts are part of a surge in cybertheft and attacks by nations seeking advantage in the pandemic.




Because people with lots of time on their hands might find something they don’t like?
States Are Suspending Public Records Access Due to COVID-19
The Markup – There is little precedent for such action, even in an emergency: “…Hawaii is among several jurisdictions around the country that have amended or suspended access to public records as the coronavirus spreads. Governors are taking emergency action in some states, ordering changes to public records compliance during the crisis. Other states and municipalities have made legislative changes to their laws. But government-transparency advocates argue that in a time of crisis, access to public records is even more important. Officials say they need to take drastic actions to battle the pandemic. In New Jersey, where the state legislature amended its open records law, an analyst with an association of state municipalities told NJ.com that officials “need the flexibility during emergencies to be able to run government and respond to the emergency at hand.” A San Diego county spokesperson told the Voice of San Diego recently that “the public interest in receiving records at this time is outweighed by public interest in having county personnel free to handle this ongoing emergency.” State and local jurisdictions aren’t the only ones making changes. At the federal level, government agencies are making their own decisions about how to process requests. But it’s clear those requests are facing heavy delays. The Reporters Committee for Freedom of the Press (RCFP) recently found that several agencies were telling requesters to expect delays through the course of the crisis…”




Perspective. All is not profits at Amazon? Are they losing market share or is this a new market?
Amazon's Empire Is Vulnerable to 'Rebel' Incursions
Amazon is widely considered one of the biggest beneficiaries of the e-commerce boom, as self-isolating consumers shift their shopping behavior to purchase more online. The numbers are bearing out the trend: While most companies are suffering from dramatic business slowdowns, Amazon last week posted first-quarter revenue of $75.5 billion, up 26% from a year earlier, and projected continued momentum by giving a sales growth forecast range of 18% to 28% for the June quarter. Amazon’s growth hasn’t come without issues, though. The company has faced severe logistical challenges to meet demand – including the rapid hiring of 175,000 additional workers. And the stress put on its supply chain and delivery networks, along with the prioritization of certain essential items, has led to shipping delays and many shortages for its customers. Questions revolving around workplace safety have also dogged Amazon.
With Amazon so much in the spotlight, it may be surprising to know that consumers are increasingly going elsewhere for their online shopping needs. In fact, several e-commerce sellers are showing dramatically faster growth rates than the tech giant. On Wednesday, Shopify revealed the aggregated online sales of its merchant customer base grew 46% in the first quarter and accelerated further in April. That news came after online furniture retailer Wayfair Inc. said it had revenue growth of roughly 90% so far in its second quarter, a significant increase versus the 20% growth it generated for the three months ended in March.
Traditional retailers are flourishing as well. On April 23, Target Corp. said its online business had risen more than 275% month-to-date to that point, while electronics retailer Best Buy Co. also pointed last month to recent triple-digit growth trends for its website. Costco Wholesale Corp., meanwhile, reported April e-commerce sales growth of 86%.




History, as written at the time…
The Newspaper Navigator Dataset
Chronicling America is a product of the National Digital Newspaper Program, a partnership between the Library of Congress and the National Endowment for the Humanities to digitize historic newspapers. Over 16 million pages of historic American newspapers have been digitized for Chronicling America to date, complete with high-resolution images and machine-readable METS/ALTO OCR. Of considerable interest to Chronicling America users is a semantified corpus, complete with extracted visual content and headlines. To accomplish this, we introduce a visual content recognition model trained on bounding box annotations of photographs, illustrations, maps, comics, and editorial cartoons collected as part of the Library of Congress’s Beyond Words crowdsourcing initiative and augmented with additional annotations including those of headlines and advertisements. We describe our pipeline that utilizes this deep learning model to extract 7 classes of visual content: headlines, photographs, illustrations, maps, comics, editorial cartoons, and advertisements, complete with textual content such as captions derived from the METS/ALTO OCR, as well as image embeddings for fast image similarity querying. We report the results of running the pipeline on 16.3 million pages from the Chronicling America corpus and describe the resulting Newspaper Navigator dataset, the largest dataset of extracted visual content from historic newspapers ever produced. The Newspaper Navigator dataset, fine tuned visual content recognition model, and all source code are placed in the public domain for unrestricted re-use.




A market for “free?” I often point my students to open textbooks just to give them a second perspective.
In the COVID-19 world, open source textbooks are the way of the future
Kyle Hiebert – National Post: “Universities have the chance to save students huge sums of money by ramping up the creation and use of open educational resources, particularly open textbooks… Long story short, any current or aspiring post-secondary student looking to go to college or university anytime soon will likely end up doing so largely online and will be further financially stressed because of it. The prime benefit of adopting OER — which is defined as digital learning materials offered for free through Creative Commons licenses is that it greatly reduces the cost of receiving a post-secondary education. The average student in Canada taking a full course load will spend hundreds, sometimes thousands, of dollars a year on textbooks. That is on top of tuition, which is also on the rise. The most significant cost is for textbooks for year-long introductory courses in major subjects — think chemistry, psychology, accounting, biology, sociology, engineering, physics and others. However, the core concepts students need in order to gain a grounding in these disciplines remains relatively static year-to-year, and high-quality, peer-reviewed open textbooks for these courses already exist for free in digital form as downloadable PDFs. And online classes necessitate that any learning material be provided digitally, anyway…