Digital lending libraries

When the iPad was launched in 2010, Apple also announced iBooks, an ebook reader with corresponding digital store. It made a lot of sense, especially as the iPad is about the size and weight of a large book.

Despite this great start, digital books in schools have never really taken off. I feel that part of this is the technical distribution challenge and the other is the cost. With 1:1 iPads and a decent MDM, we have sort of solved the first problem and have been able to give out digital texts at my school. However, book licenses are not re-assignable in Apple Books, which makes the whole thing only workable with free titles.

So I wondered: might a digital lending library be possible? And after a bit of searching, I discovered one…

Hello Sora!

Overdrive have created and app and digital service called Sora. Once it’s set up for your school, it offers an ebook reader that works on iPad and the web, including the facility to sync annotations and titles across devices and even play audiobooks.

The best thing though is a subscription they offer in the UK called Ebooks Now. Once paid up, you get access to large range of digital texts that can be ‘borrowed’ by students in school. They keep a close eye on which titles are being read or otherwise, swapping out unpopular titles and keeping the selection as fresh as possible.

Bubble Books

When we returned from the first COVID lockdown in September 2020, they there were all sorts of concerns about restricting the risk of viral transmission with shared resources or spaces. So things like a school lending library were out of the question!

Instead I proposed that we get Sora at school, making the most of our 1:1 iPad programme by offering a digital lending library to our students.

It was really easy to get set up, and Overdrive even allowed us to authenticate users with our on-premises Active Directory (and later swapping to Azure for cloudy credentials). Once logged in, children could browse our school’s digital collection, borrow or reserve books and then read to their hearts’ content!

Reading the results

There’s been lots of benefits. Here’s a few…

  1. Lockdown library. When we had to switch again to remote learning in January 2021, children were still able to log into Sora to borrow and read books at home. With no other way to provide books to our students, this was a fantastic way to keep our children reading.
  2. Lending leader. As an admin, I’m able to see the number of titles that have been loaned by kids in our school. And in the last year, that number was 47,111! Which I think is not too bad…
  3. Idle moments. Because we are 1:1 iPad, teachers are able to make use of the ‘down’ time in the classroom to do reading on Sora. Obviously reading an ‘analogue’ book is just as good, but it does mean children can listen to audiobooks easily too, as well as change or renew books without having to leave their seat.

So Sora definitely comes with a thumbs up from me!

Using Explain Everything as an Interactive Whiteboard

For my ‘One Best Thing’ project from the 2015 Apple Distinguished Educators Institute, I wrote a little book about using Explain Everything as an interactive whiteboard (imaginatively titled ‘Using Explain Everything as an Interactive Whiteboard’).

As the book is now six years old, I’ve done a bit of a refresh, updating screenshots and converting it from an iBooks Author ‘iBook’ to an ePub in Pages.

It’s now been published and can be downloaded here. Enjoy!

STEM Week ‘escape room’ Showbie Group challenge…

Back in November, we had a ‘STEM’ week at school, which was an opportunity to celebrate the subjects of Science, Technology (Computing), Engineering (Design Technology) and Maths and the interconnections between them all. As a 1:1 iPad school, what better way to do this than setting up a virtual ‘escape room’ challenge using Showbie Groups?

Showbie has had ‘groups’ for a while now, which are basically a bit like a mix between an assignment and a class discussion, and has its own little ‘groups’ section in the UI separate from classes. They are created by a teacher, are joinable by both parents and students, and can be set to ‘announcements only’, thus preventing everyone else from posting in them (should you so desire). To join them, all you need is a 5-character Showbie Group code.

From this came the germ of an idea: students would be given a URL within Showbie to join the starting Showbie Group, which would explain the rules of the game as well as the code for the first subject’s Showbie Group, e.g. Science. Each subject would have its own group and challenge, with the outcome of the challenge revealing a-5 character code that would take you to the next subject’s Showbie Group. Once all of the tasks and subjects had been completed, children would then have successfully won the ‘escape room’ challenge.

We decided to differentiate by year groups/phases, as a Year 1 child would need a different level of challenge to a Year 2 child, as would lower Key Stage 2 (Years 3-4) and upper Key Stage 2 (Years 5-6). This required the creation of quite a few different Showbie Groups – 21 to be precise (4 different levels of challenge, 4 subject each plus a ‘welcome’ landing group, with a shared ‘celebration’ victory group)!

With this all this set up, each subject then began devising their activity and challenges. My computing team and I took on the T in technology and we came up with iPad tasks as follows.

Task 1: Pages

In Pages, we created increasingly difficult puzzles that mostly involved changing the colour of the text within a coloured box to reveal one of the characters in the Showbie Group code. We tried to include some instructions on what to do, to make it not too hard and not too easy.

Year 2 computing puzzle – I do admit it’s a lot of selecting and changing the font colour…

Task 2: Keynote

In Keynote, we wanted to make use of children’s skills in selecting, moving and rotating objects to make a literal jigsaw puzzle. And rather than just show the required Showbie Group code character, why not include a homophone instead? The hardest part was subtracting and combining shapes to create suitable ‘jigsaw’ outlines, before using them to mask over part of an image. A little fiddly, but certainly good fun.

Upper Key Stage 2 puzzle – the wise amongst you will figure out it’s a ‘Bee’ (therefore the letter B) before needing to actually piece the puzzle together!

Task 3: GarageBand

For this task, we wanted to use audio in some way. In Years 1 and 2, we just recorded something as a Showbie voice note, but for Key Stage 2 we made it more tricky by including a GarageBand project file. Years 3 and 4 had to know how to turn up the volume on a specific track to hear back the Showbie Group code and Years 5 and 6 had to reverse and speed up my dulcet tones for their answer. Certainly more tricksy!

Upper Key Stage 2 puzzle – with a nice little clue in the name of the track that ‘sdrawkcab ma I’…I am backwards!

Task 4: iMovie

This was possibly the most difficult task for children, particularly the older ones. For Key Stage 1, we just had a first-person video of me wandering around the school until I zoomed into the next character of the Showbie Group code. Lower Key Stage 2 had an iMovie project with a the Showbie Group code character inserted as a cutaway halfway through, which wasn’t too difficult. Upper Key Stage 2 had the real challenge, which was an iMovie project of a first-person shot down a corridor with no Showbie Group code character to be seen. What children had to do was select the clip in the timeline and then extend it backwards to reveal the missing character: I gave no clues that this is what you needed to do, so most people didn’t get it!

Year 1 – a flavour of what the ‘Technology’ Showbie Group looked like…

Task 5: Numbers

The final task for each year group/phase was a little Numbers spreadsheet that, once the correct characters were entered, would reveal the final character for the Showbie Group code. This was a fun little document to make, and was a useful check that children had solved the previous puzzles before allowing them to move onto the next Showbie Group. We made it harder/easier by the number of possible characters that appeared in each dropdown box and whether it gave feedback by changing colour if you selected the correct character. It would have been quite easy to hack the spreadsheet to reveal the correct code, but I’m not sure our students knew enough Numbers formulas for that!

And that’s how you crack the code!

All in all, I think children had a lot of fun completing all the tasks, solving the puzzles and engineering their way out of the ‘escape room’. It was a rather time-consuming little project, but worthwhile I feel.

Jamf Connect

Since, like, forever, we have had our Macs at school bound to our Active Directory. Initially this was to try and match the experience people were used to with logging into PCs, with a shared drive and a network ‘home’. But as we started to migrate to the cloud, the jobs of the trusty (or not) Windows server were increasingly given away elsewhere, e.g. using Google Drive for our shared drives and so on. This left the Macs just using network accounts purely to authenticate users. Was there a way to log onto the Macs using cloud credentials?

Defining the benefits

‘Moving to the cloud’ is something that is spoken of as an untrammelled good, but it’s useful to articulate the advantages. What would be the benefit of moving away from logging in on-premises Active Directory?

  1. A service is the cloud is a service that is someone else’s problem if it breaks. Before we moved to Google Drive, all of the school’s really important documents just lived on a hard drive on a server in a cupboard. Whilst the data was backed up, it still was a rather fragile single point of failure. If the running of the server is handed over to people who actually know what they’re doing (e.g. Microsoft or Google), this is one less thing for a school to worry about.
  2. A job that’s handled by the cloud is one less job for an on-premises server. Hopefully, if enough jobs can be given away, we can get rid of the server altogether!
  3. Unifying the sign-in experience. We use Microsoft accounts in an ever-increasing variety of places, such as with federated Managed Apple IDs and as part of the initial setup process on an iPad, so if teachers are used to using the Microsoft account every day on the Macs, this will help them become more familiar with it.
  4. Giving a more reliable experience. Whilst binding to AD has been part of the Mac since OS X and before, it feels like directory access is something that randomly breaks as the OS updates or upgrades. So if we just move beyond it, this removes one more point of failure.
  5. Allowing remote users to log into their Macs. Since the COVID pandemic, there’s been an increasing number of users in school who need to be able to log into their Macs when not on the school network. If the Mac is still bound to the AD, this isn’t necessarily possible.
  6. Moving with where things are going. Back in 2015, we moved from managing our Macs with a Mac Server running Workgroup Manager (those were the days) to an MDM approach with Jamf Pro. Workgroup Manager continued ‘working’ for several more years of macOS updates after that before being discontinued with Yosemite, but it was good to be ahead of the curve and avoid running in a brick wall. Moving away from binding to AD feels like the same sort of thing.

Enter Jamf Connect

So, what to replace network accounts with? In 2018, Jamf acquired NoMAD, which was an open-source alternative to using Apple’s directory tools for authenticating users. It then turned into Jamf Connect, a paid solution that offers it’s own login screen and a menu bar tool. How does it work?

  • Installation of Jamf Connect requires a ‘jump start’, a remote support session from a Jamf technician to set it all up in your environment. A great way to get it all working!
  • There is a Jamf Connect Configuration Tool that is required to set up the different settings, such as which identity provider you’re going to use as well as a plethora of different options.
  • We then set up the login screen (complete with custom wallpaper) so that users were required to sign into the Mac using their Microsoft account. If an existing AD account was already there, this was converted from a ‘mobile‘ account to a standard Mac user account. The login process then asks for the user to enter their password for a second time, which then unlocks the account on the Mac itself.
  • Once logged in, we configured it so that the Jamf Connect menu bar item was automatically logged in with the Microsoft account, which then kept the local Mac password in sync with the cloud password.

Once we had installed the Jamf Connect software and configuration options, and told staff what to expect on their new login screen, it seemed to work just fine!

Things to watch out for

It wasn’t entirely a plain sailing from this point however. The way Macs are set up at school is that, whilst a particular Mac may only be used by a subset of users, it could potentially be logged into by any member of the staff team. If a user had changed their password since logging into a Mac and then returned to that Mac, the local password would be the old one. When using network accounts, the Mac would happily log in using the new password and then would prompt the user for the old password to update the keychain password. If the user didn’t know their old password, the old keychain would be replaced with a new password.

With Jamf Connect, this scenario gets more complicated. If the user’s account is still a ‘mobile’ account and has not been converted to a ‘standard’ account as part of the initial login with Jamf Connect, the Mac can still talk to Active Directory to at least still let the user into the local account before it is then ‘demobilised’. (Please see Jamf’s documentation for more information about this.) For this reason, it’s important to not unbind the Macs from the Active Directory until you’re sure there are no remaining ‘mobile’ accounts on it. I found some handy ‘extension attribute’ scripts that will tell you which Macs on Jamf Pro still have network accounts on them.

If a user’s account is a normal ‘standard’ account, either because they’ve demobilised an existing network account or have just signed in fresh with Jamf Connect, and they then change their password outside of using the Mac and return to the Mac, there thankfully is a solution to getting back into this account. I found a handy blog post that explains the commands you can use to change the password on a given user account. I turned this into a script that can be run from Self Service, which prompts the user for the username of the account you’re trying to change the password of. You need to actually be logged into a machine to do this, which can be done with a local admin account or something like that. In the script I made it change the password to something that only your tech team can know, preventing any unscrupulous users changing the password of another account and then trying to log in! The next time the user logs in via Jamf Connect, they can then enter the temporary password as the known local account password, which Jamf Connect will then change to the user’s cloud password once they’re logged in.

Below is the script in question:

#Freddie Cox for Knox County Schools
#Edited by Tim Lings
set -x

sleep 1

userName=`/usr/bin/osascript <<'EOT'
 tell application "System Events"
    set userName to text returned of (display dialog "Please enter affected username:" default answer "" with icon 2)
end tell

#Reset local password
/usr/bin/dscl . -passwd /Users/"$userName" temporarypassword

One last thing we discovered is that some users had figured out that they could click ‘local account’ the login screen and then login with their normal AD credentials, rather than having to put in their cloud Microsoft account. It is possible to set the configuration for the Jamf Connect login window using ‘DenyLocal’ to prevent this happening (with the option to also specify local admin logins that you still want to allow).

Back to School

Ah, September. The time of year when the school that everyone has so diligently and careful taken apart, sorted out and tidied away in July has to be put back together again in a matter of days because all of the children are starting school again.

The same applies with technology in schools. With our 1:1 iPad programme, September is when we have to setup new iPads for our students. Depending on the refresh cycle, this can be anything from three to six year groups that need doing. Thankfully, this year it was only Years 1-3, as we had just started a new lease with Key Stage 1 iPads and the Year 3s needed the iPads that Year 6 had finished with at the end of term.

This year, we (my technician and I) successful got all the iPads up and running by the end of day two of term…which I think was pretty good going! We managed the four classes in Year Three in one day, involving students setting up the iPads themselves, and got all eight Key Stage 1 classes ready, which we set up for the students in our bespoke Using Shared iPad Mode In The Wrong Way approach, in a day and a half.

Which I think is pretty good going! And much better than last year, which took three or four times as long.

So, what was different this year?

  • Having a technician again. For various reasons, the previous year I was left bereft of an IT technician, which makes a huge difference when it comes to deployment. Another pair of capable hands saves so much time.
  • Network upgrades. Our network has 802.11ac wireless access points and a 10gig fibre backbone but the actual cabling into some classrooms was shockingly old. In the last year we’ve rectified this with CAT 6a cabling upgrades. Which makes things much faster, or at least not noticeably slow!
  • Federated Managed Apple IDs. We’ve linked up our Microsoft accounts with the school Apple IDs, which means users have the same password that is used in other systems. Reducing complexity is always worth it.
  • Single sign on with Jamf Pro. We’ve turned on single sign on using Microsoft accounts with our MDM (Jamf Pro), which means that users are using the same account to authenticate with the MDM as they are with their Apple ID. One less thing to remember — “just type it all in again!”
  • Single sign on in other places too. We’ve also made use of student Microsoft accounts with logins for Showbie (our learning platform), Mathletics (for practising maths skills) and Sora (our digital lending library). It helps students become more familiar with their Microsoft account credentials and, I think, reduces complexity again.

When dealing with a school of iPads, making the effort to smooth out the speed bumps is always worth it in the long term. For technology to be an effective tool in the classroom, it’s got to ‘just work’ as much as possible, so it fades into the background and instead supports learning.

Giving macOS Software Updates a Nudge

When we first got a small suite of iMacs at my school back in 2010, I could keep them all up-to-date by just manually going around and running Software Update on each machine. Later on I discovered that I could use Apple Remote Desktop to push out a Unix command to trigger the update on multiple machines at once, which seemed pretty cool at the time.

However, as the number of Macs began to multiply, keeping on top of updates became an increasing problem. As the computers were spread out across the school, I couldn’t be sure that they weren’t being used when I was wanting to run the updates, and the whole process required too much hand-holding.

After a bit of searching around on the interweb, I stumbled upon Munki. Developed by Greg Neagle at Disney, it allowed (amongst other things) for a Mac to install Apple’s software updates whilst the Mac was sitting on the login screen. By scheduling the Macs to turn on early enough in the morning, I could be sure that they were freshly on the latest and greatest version of the operating system for users at the start of each day.

Fast forward to 2020 with macOS Big Sur, and then Apple Silicon, Apple Software Updates increasingly relied on the user to actually hit the ‘restart’ button for them to install, leaving Munki unable to perform this task automatically. What to do about this?

The first thing I did was to use a configuration profile to turn on ‘automatic updates’ in System Preferences. Some updates would still require a user-initiated restart however.

I then came upon a newly developed piece of software called Nudge. Read a great blog post by Andrew Doering here!

The idea of Nudge is that the little application will pop up and ‘nudge’ users towards hitting that restart button in System Preferences. It can be configured in lots of different ways, such as giving users a certain number of dismisses of the app before it starts seriously nagging the user to just do the update. Great stuff!

Everything about how to install and set it up is on the Get Started and Readme pages, so do take a look there. Here are a few pointers from my experience, which may also be of assistance:

  • First thing to do is to get the Nudge app installed. The latest build is on the site and can be deployed using your management tool of choice. I used a policy in Jamf Pro.
  • Next you need to configure it. I used a configuration profile, making use of the handy Jamf Pro Guide which explains how to import a JSON configuration schema. Nice!
  • I completely missed step three at first, which is to install the launch agent, which is programmed to make Nudge run every 30 minutes. As otherwise it will never start nudging those users!

I’ve let staff know that we need them to play their part and run the update, but hopefully Nudge will, we, ‘nudge’ them along nicely as well!

Books for kids

When the iPad first came out back in 2010, it also came with what was then called ‘iBooks’, Apple’s answer to the Amazon Kindle. You could buy and read digital books straight on your lovely new iPad…fantastic!

Some time after that, Apple brought out the Volume Purchase Programme, which allowed schools/businesses to buy copies of apps and books for their users. These came in the form of codes which would have to be redeemed against a user’s Apple ID. These codes could only be used once, which meant that if a user left your organisation you’d have to buy all their apps again, or recycle their Apple ID by changing the name and password.

Fast forward to 2013 and Apple brought out Managed Distribution, which allowed an institution (via MDM) to assign app and book licences directly to a user’s Apple ID. With apps, these licences could be recalled and distributed elsewhere if required, but with books the licence got ‘used up’ if assigned.

A few years later, Apple rolled out device-based app assignment, which allowed an app to be assigned to a specific iPad even if there wasn’t an Apple ID on the device.

Not so with books: these still needed to be assigned to an individual rather than a device.

In order to distribute copies of Apple’s coding or creativity resources to teachers, I was quite happy to assign those book licences to individuals because there were only so many teachers in the school. But when it came to our KS2 deployment, there wasn’t a way in Jamf Pro to easily make a list of all the 450 students and then assign them books.

However, in Jamf Pro 10.16, a new feature was released that allowed for the creation of smart user groups based on information imported from Apple School Manager. So this would allow me to make a smart group with just the students in a specific class or year group. Which I could then use to assign books. Added to this was the feature that allowed for the automatic registration of users with volume purchasing if they have a Managed Apple ID, which basically meant that the MDM could assign apps/books to the user without the user having to agree to the registration. Which is handy when working with a whole school 1:1 programme!

Jamf Teacher on Jamf Pro

When we first deployed Jamf Pro many years ago, when it was still called Casper Suite, there was a great little app called Casper Focus that allowed teachers to lock student iPads into apps, trigger AirPlay and — most importantly — reset passcodes on student devices.

Then along came Apple Classroom, plus a rebrand of Casper Suite to Jamf Pro, and Casper Focus was quietly retired. Don’t get me wrong, Apple Classroom is a GREAT product and gives teachers a powerful yet discrete way to keep tabs on what’s going on in the classroom. But it lacks the ability to reset student passcodes on devices. This meant that teachers had to contact IT to get iPads unlocked, should a child forget the 12 character alphanumeric passcode that they had thought would have been such a great choice for their device.

Until now.

Back in 2009, Jamf purchased an education-focused MDM called Zuludesk, and with it some really great apps for teachers, students and parents to manage their devices. Zuludesk became Jamf School and the handy classroom-controlling app for instructors became Jamf Teacher. As a user of Jamf Pro, we were still left out in the dark.

Thankfully, Jamf announced yesterday at their (remote) Jamf Nation User Conference that Jamf Teacher is now on Jamf Pro. Yay! Hopefully this will mean less Helpdesk calls from teachers and, more importantly, students able to get on with their learning more quickly.

Breaking the Webinar Fourth Wall

I love running educational technology workshops: it’s a chance to meet face-to-face with a group of educators, to share ideas and approaches on how to use computers in the classroom, and then watch teachers’ imaginations light up as they discover just what could be possible. Well, that’s the plan anyway!

I have had the privilege of running the Greenwich Apple Regional Training Centre for the last four years, delivering iPad workshops with a diverse audience of teachers. But with the COVID-19 lockdown, face-to-face workshops are just not an option. So, starting a few weeks ago, we started hosting some Apple RTC Zoom webinars. I had seen Zoom webinars being used successfully (such as for my church’s Sunday morning livestream!) and so it seemed like a good platform to go for.

Initially I thought of just running these webinars using a normal Zoom meeting, with each attendee appearing in the well-known video wall. However this puts an extra pressure on those attending to open up their homes/offices to complete strangers and doesn’t allow people to just tune in and listen. I also wanted to be able to integrate between Zoom and Eventbrite, both to know who is actually signing into the webinar and to make the sign-in process for attendees as easy as possible. So instead we went for the paid Zoom webinar add-on. The difference with this is that the host is the only one who can share their screen video.

Now with this comes the challenge of how you still reach out and cross the fourth wall and help attendees still feel like it’s an interactive workshop and not just watching a TV show. If we just wanted to put on a ‘performance’, we could just record it in advance and put it on YouTube and be done with it. Rather we wanted attendees to be able to contribute and share in the workshop, which makes increases learning and generally makes it much more enjoyable too.

Here’s a few things we’ve tried:

  • Chat. With Zoom webinars, you can turn on the chat box, either for discussion between the host and attendees, or between everyone on the webinar. This can be used for discussion or the sharing of contributions, ideas and feedback.
  • Q&A. There is a ‘question and answer’ box, which allows attendees to post questions or comments that they have and then the host to respond to them at an appropriate point in the webinar.
  • Polls. Zoom webinars has the option of launching live ‘polls’, which allows attendees to answer multiple choice questions, which the host can then share with everyone. This is really fun, and allows for everyone to share their experiences and for the host to get a better sense of the attendees’ context.
  • Live demos. This always raises the element of danger in a presentation, as things can go wrong! But if you’re doing a live demo of an online platform, this can really increase the engagement of attendees. During our webinar on using Showbie for home learning, we got attendees to sign up for a free Showbie account and then join a test classroom, thus all contributing to a shared digital space.
  • Voice contributions. A great way to include attendees is to allow them to talk in the webinar. In a webinar on Apple Teacher, we asked attendees if they wanted to explain how they would answer a question in the badge quiz. Attendees then pressed the ‘raise your hand’ button, which then notified the host who could then invite that attendee to unmute their microphone and contribute their answer.

Running a webinar can feel a bit like sitting alone in a radio booth, so all of these little features can really help improve the engagement and flow in a webinar session.