There was a great outage to Canvas - the preeminent (?) learning management software used by thousands of universities - about a week ago. Apparently a hacker group got a hold of the company’s internals, and due to zero response to subsequent threats and demands, the group shut the whole thing down. Right smack-dab in the middle of spring semester finals.

Back in my day, when people didn’t want to take an exam, they simply pull the building fire alarm. These days you can’t do that anymore because fire alarms have all gone sensor based. The conspiracy minded in me is thinking perhaps some kid from a supremely wealthy family really wanted to skip a test. So why not pay a hacking group an absurd amount of money to shut down the whole system.

Word on the street is that Instructure - the company behind Canvas - ended up paying the ransom. The hackers had them by the proverbial balls. It seems the only person who doesn’t negotiate with terrorists is President Bush.

It’s a real black eye for Instructure’s IT security department. I am speaking out of my ass, but why wasn’t there a suitable duplicate/backup system in place? For something this critical serving this many clients, there should be a shadow clone running 100% of the time right alongside the main instance. When the main gets compromised, you connect the backup directly and quickly. Like a dual-clutch automatic gearbox: the next gear is already pre-selected.

Have the clone hosted on localized servers right on university premises. Therefore even if Instructure gets completely nuked, each college has access to their own teaching data immediately.

And I’m sure such fantastical backup implementation will be insanely cheap to execute! (/sarcasm.)