back to article Reply-All storm sparked by student smut sees school system shut down Google Classroom for up to a week

Around 90 Australian public schools will be without email for up to a week after students responded to mistaken use of a mailing list with horrible content, which in turn sparked a Reply-All storm that asked for the circulation of email nasties to stop. The affected schools are in the Australian Capital Territory, a region of …

  1. Valeyard

    i bet it followed the pattern laid down by god unto moses:

    chain:

    you did it too!

    >oh my god guys stop sending me this

    >>/unsubscribe

    >>>/unsubscribe

    >>>>/unsubscribe

    >>>>>/unsubscribe

    >>>>>>/unsubscribe

    1. IT's getting kinda boring

      For those of you who have ever seen Mel Brook's "The History Of The World Part 1", the commandment "Thou shalt not reply all" was on the stone tablet he dropped.....

      1. chivo243 Silver badge
        Go

        Commandment 13 or 14?

  2. Robert Grant

    Friends don't let friends hit Reply-All.

    1. Valeyard

      how did a student sent to the global list anyway? the student shouldn't see that little entry

      1. IGotOut Silver badge

        My guess. Someone put it in a cc.

        1. Olivier2553

          Nope. That would be enforcing by obscurity only.

          Any mailing list with a proper setting will have a list of who can write to the list or not, independently from the fact it was used in a CC or painted on the wall.

          1. jake Silver badge

            Shit, we've been doing it for decades with LISTSERV and a little help from Sendmail ... I don't remember having any of these problems with the pair since, oh, I dunno, maybe the late '80s?

            But nooooo ... the goo-kids know better and have to re-invent it. And completely cock it up, same as they do everything else that they touch. Thankfully, Microsoft has TheGreatUnwashed convinced that computers and software aren't supposed to work properly, so all this bullshit gets shrugged off. Can you imagine if IBM and HP's code worked this badly in the '60s & '70s? We'd still be in the computing dark ages! Oh, wait ... maybe we ARE.

  3. jake Silver badge

    Not possible?

    "The mess was only possible because some students used their personal devices to share the smut, which the Directorate swears would not have been possible to access from within the schools it operates."

    I'm fairly certain I just heard someone saying "challenge accepted".

    1. Anonymous Coward
      Anonymous Coward

      Re: Not possible?

      typical Australian government and public servant response.

      "Not our fault, it was someone else"

      1. Alumoi Silver badge

        Re: Not possible?

        typical Australian government and public servant human response.

        There, fixed it for you.

    2. Doctor Syntax Silver badge

      Re: Not possible?

      I'm fairly certain I just heard someone saying "challenge accepted".

      I wouldn't be surprised if similar thinking was behind the reply-alls that followed it.

    3. Diogenes

      Re: Not possible?

      I don't know the UK or US, but here 4G jammers are illegal, so kids have access the mobile network of their choice on their personal devices even if on school premises so that statement could be factually 99%* true insofar as it applies to school equipment and/or school networks

      *the 1% wriggle room is because ATM in our network they are dealing with a VPN that bypasses windows UAC and installs like a store app into their student profile (it also includes a malware nasty) . Network admins have managed to block the malware nasty but are playing a constant game of whackamole blacklisting download sites in our poxy server and deleting from user profiles.

      1. parlei Bronze badge

        Re: Not possible?

        A school that really cared could presumably add sheet metal cladding and widows with embedded metal mesh.

        1. Korev Silver badge
          Coat

          Re: Not possible?

          >A school that really cared could presumably add sheet metal cladding and widows with embedded metal mesh.

          Would that be a School Faraday?

        2. jake Silver badge

          Re: Not possible?

          "widows with embedded metal mesh"

          Hell's Grannies? That'll see the little bastards walk the straight & narrow!

      2. fajensen
        Pint

        Re: Not possible?

        Don't have to jam anything - just (get telco to) set up a picocell at the place where one want to control cellphone access, create a list of devices allowed access to data services, to be switched on, and so on und zu weiter .... but ... with everything "important" in IT it is never important enough to put in the work or pay someone to do it!

  4. mbdrake

    Surely they're using G-Suite Enterprise for Education?

    Which has a massive tonne of options for dealing with crap like that? What content policies were in place, etc. etc. What about ACLs for the Google Groups? Why didn't they use the tools available to them to manage this kind of stuff? I also don't believe the directorate when it says they shouldn't have been able to use their own personal devices - unless it's a massive great big security hole in G Suite, which I doubt. Once they do sort this out, I suggest sending everybody involved in maintaining the system on a G Suite admin course post-haste.

    1. Pascal Monett Silver badge

      Re: Surely they're using G-Suite Enterprise for Education?

      Whatever they are using, it's pretty clear that they've only just discovered access management and user control options and are trying to understand how they work, what the consequences are on their daily life and how to set up said options in the way that best corresponds to their needs.

      Ain't it a shame that nobody thought to bother with all that when they first subscribed to the service ?

      Bah, it's like patching. They are part of the wait-until-you-get-bitten crowd.

    2. chivo243 Silver badge
      FAIL

      Re: Surely they're using G-Suite Enterprise for Education?

      Then you actually need a Google Admin who knows all those bells and whistles and ins and outs... or you get exactly what we're reading about.

      Been there...

      1. Yet Another Anonymous coward Silver badge

        Re: Surely they're using G-Suite Enterprise for Education?

        You don't need any admins for Google/Chromebooks/cloud that's the whole point - it's just in the web fro free !!!!!

    3. Diogenes

      Re: Surely they're using G-Suite Enterprise for Education?

      I also don't believe the directorate when it says they shouldn't have been able to use their own personal devices

      You have misread the article...

      Students are not able to access NSFW material using school issued devices or using school networks (I do know of a workaround , but getting that particular app stopped is like playing 'whack-a-mole'), but obviously can using their personal devices on other networks, eg 4G or their home network.

      When they saw that they could email literally 'everybody' they put 2+2 together and came up with 4 (please Mr Mod don't ban for using racist maths https://www.washingtonexaminer.com/news/math-professor-claims-equation-2-2-4-reeks-of-white-supremacist-patriarchy).

      How the original student got and was able to use a global mailing list , well that is a horse of a totally different colour.

      1. jake Silver badge

        Re: Surely they're using G-Suite Enterprise for Education?

        "racist maths"

        I just read that. And then I read it again. And then I took a shower and read it again.

        The woman is loopy. Not because she's female, but because she's loopy.

        1. sev.monster Silver badge
          Childcatcher

          Re: Surely they're using G-Suite Enterprise for Education?

          Congratulations, you're white, racist, white supremacist, male, sexist, patriarchal, and probably a rapist.

          Even if you are not all or none of those things.

          1. jake Silver badge

            Re: Surely they're using G-Suite Enterprise for Education?

            "Congratulations, you're white, racist, white supremacist, male, sexist, patriarchal, and probably a rapist."

            The News has been telling me that each and every day for months, so it must be true. I'm not Caucasian, and I am a very minor minority .... but I'm white, so I must be all of those things. (Wait, isn't judging a person solely on the colo(u)r of their skin the very definition of racism? Colo(u)r me confused!)

            Apparently, I'm also going to die from Covid-19 RealSoonNow (about the only other thing that's been on the news), and they have the statistics to prove it .... but they aren't releasing those statistics, because it's only available on a need to know basis and the general public has no need to know.

            We are really living in a totally fucked up society, aren't we? Don't you think it's time to start speaking up? I do, and I am ... but I'm only one voice. Join me? Call your political representatives. Write then snail-mail (they ignore email and social media). Call and write your local hnews media (these folks do listen to email and social media). Get your opinion heard, before it's too late ... and above all, get off your ass and VOTE!

      2. mbdrake

        Re: Surely they're using G-Suite Enterprise for Education?

        So the schools don't enforce *any* form of device policy management that would prevent the students from using school Google accounts with Google apps on their personal devices outside of the school networks (or at least severely restrict it)?

        I thought that would be a number one priority if you bought a personal device into school. Any school work on a personal device needs to have the device partly managed by the school. Basic BOYD management, I'd have thought.

        1. fajensen

          Re: Surely they're using G-Suite Enterprise for Education?

          How should they do that?

          A company will restrict the selection of "own" devices for you to "buy" to something that their IT management system is familiar with and can operate on.

          It will be very clear from the beginning that the user consents that this is a business device and therefore business can do things to it.

          In school, one gets almost one implentation of Android per 4 children and a smattering of Apple devices, the Apples (if they are recent) have a fairly decent management interface, some Andoids have something that could work and the rest has something that runs from China.

          These devices are 100% their owners property and one cannot legally dick around with them - even assuming one could support the volume of management scriptiing to do this.

          It's the usual cheapskating and shortcutting, then whining when something breaks: If they need to control user devices, suitable user devices has to be provided. But that costs money and they don't want to do that, rather they push the costs onto the users but of course then they can't do management because of the explosion in diversity that creates.

    4. Cliffwilliams44 Silver badge

      Re: Surely they're using G-Suite Enterprise for Education?

      The biggest impediment to restricted mailing list has always been the management. 1st it is maintaining the security, then it is some exec wants to send to a list and is not one the allow list. Then if you have restriction you are told to remove them. Of all the companies I have worked for only one had restrictions on their lists. That was implemented after an employee sent a drunken email to the whole company.

      As with every org out there, management will not put restrictions in place until something bad happens, and then it is never "their" fault.

  5. heyrick Silver badge

    Clearly run by dummies

    Why isn't a mailing list set to provide emails to each person in turn, or to a dummy address with everybody else stuck in BCC?

    I'd be pretty pissed off if a school was willingly sharing my email address with all of the other students...

    1. Anonymous Coward
      Anonymous Coward

      Re: Clearly run by dummies

      *cough* following last weeks migration of email across to O365 I've been watching with amusement as the inevitable reply-all storms have kicked off - they keep coming in waves as all those who weren't around at the time come back to their desks, see one from the previous round and fire off a "please remove me from this list" missive ... to everybody. That's then followed by the scolding "please don't reply to these emails", again sent to everybody.

      1. hawkshaw

        Re: Clearly run by dummies

        I've seen that happen a couple of times in the past, particularly before access-control on distribution lists became common. The first few replies I can understand, but then why do people continue to contribute to it once it become obvious what is happening?

        1. Doctor Syntax Silver badge

          Re: Clearly run by dummies

          Because it's the only thing they can think of to get removed. There's probably an email address for the list manager but nobody knows it. All they can hope is that it's one of the names on the list.

          1. parlei Bronze badge

            Re: Clearly run by dummies

            When the school system I worked in went GAFE there was reportedly some admins, but their contact info was secret. No training or useful instructions.

        2. Claptrap314 Silver badge

          Re: Clearly run by dummies

          Because sometimes, the only way to make sure that fools learn their lesson is to teach them yourself.

        3. Anonymous Coward
          Anonymous Coward

          Re: Clearly run by dummies

          In my case: Just to be evil.

    2. doublelayer Silver badge

      Re: Clearly run by dummies

      "Why isn't a mailing list set to provide emails to each person in turn, or to a dummy address with everybody else stuck in BCC? I'd be pretty pissed off if a school was willingly sharing my email address with all of the other students..."

      Almost certainly, it is set up as you suggest and they aren't giving out addresses. It's just that they forgot to change the all-important setting of who can send to that list and have it operate for them. Usually, there's an address which sends the message to all the addresses in the list without showing that list to the original sender, but if anyone on the list can be a sender you end up in the same place.

    3. Diogenes

      Re: Clearly run by dummies

      I'd be pretty pissed off if a school was willingly sharing my email address with all of the other students...

      You wouldn't need to, if you know the pattern the organisation uses eg hey.rick@xyz.edu

      1. sev.monster Silver badge
        Big Brother

        Re: Clearly run by dummies

        ...or if everyone's address is already in the GAL...

  6. Danny 2

    In a further blow to Gavin Williamson...

    President Lukashenko said he doesn't recognise England's A level results as valid.

  7. Anonymous Coward
    Anonymous Coward

    Reply-all

    I had one of my cellphones stolen a few years back and when I transfered the service to a new device I could see that the person that had the phone last had sent a text message chain to everyone they knew wishing a Merry Cristmas to their "fam".

    I sent a reply-all to everyone in the chain to please remove my number from their contacts and explained to my new-found "fam" members what happened to my last phone and also to wish them a very Merry Lolz Christmas.

    (Sadly, I never got any replies back)

  8. EnviableOne

    dont people learn from other's mistakes

    Letter from UK.Gov to AUS.gov

    Here in IT for gov.uk we make mistakes for others to learn from:

    We are saddened to find that our Five Eyes brothers on the far side of the world failed to take heed of our demonstration within the NHS mail system back in november 2016 and failed to apply the lessons we should have learned.

    Kind regards

    HMG

  9. Lee D Silver badge

    Google Suite for Education and Classroom?

    Just remove "Member's" of each group being able to post message (they'll still receive and be able to read them, but then you can filter and delete by thread ID using the audit tools).

    Honestly, this is on the IT department - they mis-permissioned which allowed it in the first place, then they failed to properly permission to stop it, then they don't know how to use the tools to pull in those emails and block/delete them.

    1. Cliffwilliams44 Silver badge

      The thing is, they may not have been allowed to. I can't tell you how many times I've had that conversation.

      Me: We need to restrict these lists

      Management: Why

      Me: Because some fool is going to spam these lists with some stupid email, then people will reply all continuously.

      Management: Our people would not do that.

      Me; Yes they will!

      Management: What happens if someone really needs to send to a list and they are not in the security.

      Me: It gets rejected!

      Management: Oh, we can't have that! Lets leave it as is. I don't think that is a serious risk.

      Me: (walking away shaking my head)

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon