brown(e)learning

I participated in a national web conference on assessment sponsored by a respected organization. Many of the talks were good, one or two made some great points, but one in particular had some serious flaws. It’s generally my policy not to call people out, and my purpose here is not to critique the speaker, so I’m going to do my best not to cite him/her.

When this person presented his/her definition of “Assessment,” a participant sitting next to me asked me what I thought of it. “It’s half-right, but gets too much into evaluation,” was my response. As the presentation progressed, I noticed that the line between assessment and evaluation become so blurred that the speaker was using the terms interchangeably.

When the presentation was over, there was an opportunity for us to ask in questions via a chat form. Mine was first in line: “What’s the difference between assessment and evaluation?” The speaker hummed an ha’ed, claimed that this was an open question that “we’re still working on,” and stated that he/she used the terms loosely.

No, no, no. It’s only an open question to people who are trying to figure it out for themselves rather than leveraging the mountains of theoretical and empirical work that several professional organizations have already completed. There are still various definitions for each term, but here are two that draw a distinct difference:

Assessment is the systematic process of gathering data to inform decisions (adapted from Nitko & Brookhart, 2005).

Evaluation is a judgment of quality, merit, or worth.

Obviously evaluative judgments can be used as assessment data, and assessment data can inform evaluation judgments. But the assumptions, theories, and methods are tailored to their respective end goals (judgments or data).

As these fields have developed, assessment has become a bastion of positivist assumptions and quantitative methods, while evaluation was a safe harbor for relativism and qualitative methods almost from its inception. Perhaps because of this bifurcation (and the persistent classification of qualitative methods as non-scientific), colleges and universities have offices of “assessment,” that really perform evaluation.

In common speech, there is little harm in not distinguishing between assessment and evaluation. But when we want to get our hands dirty and accomplish something with these processes, and especially if we’re elevated to the point of lecturing others on how to conduct this work, we ought to have the distinction clear in our mind.

A few months ago, Google created a honeypot trap for their competitor. While that’s not quite what I’m doing, i would be wrong not to recognize Google’s efforts as an inspiration in this.

I migrated brown(e)learning to a hosting company’s server last month. Buried somewhere in the sign-up form was an offer for an additional service that supposedly would scan the site for vulnerabilities. If none are found, the firm behind the service would allow me to display their badge on my site. I didn’t want the service, didn’t even notice that I had signed up for it, but now I’m getting semi-daily emails letting me know 1) there are no vulnerabilities on my site, 2) how I can complete the registration process, and 3) how to display their badge on my site.

So, I’ve had enough. I created a page that contains an obvious SQL injection vulnerability. I’ll link to it from several of the pages on my site to make sure the scanning service can see it, and then determine the legitimacy of the service based on whether they notice it.

BTW, the MySQL user for that page only has SELECT privileges to an otherwise unused database, so you can’t do this…

Oh, and that page can be found at: http://brownelearning.org/test/vulnerable.php…