Things I learned and/or did this year:
I had some writer’s block earlier this year. After completing Shindig for horn choir, I flailed a lot from about March to August. I think part of it was the workload from taking classes and teaching a full load across two campuses. But another part of it was that I spent mid-to-late part of the semester designing, proposing, and planning a composition program at NDSU.
Our composition degree has been approved and accredited, and we started our first students this fall. And as an extension of that, I’ve joined NDSU full time.
Does the world really need another composition program? Probably not. I attended a paper this summer about the overcrowding in the composition world, and especially in the time of COVID, the opportunities seem to be dwindling.
Does the region need a composition program? Yes. Looking at professional undergraduate (Bachelor of Music) degrees, ours is the first in the Dakotas. There are four in Minnesota, one in Montana, and one in Manitoba. It gets better the further south and east one goes. But new music opportunities are, well, not numerous up here.
Of course, at many schools, students interested in composition can take composition lessons within the context of the BA or BS in Music. My intention is that having a collection of degree-seeking composers will give us the ability to do several things we wouldn’t be able to do within the context of a BA or BS, such as produce more composer opportunities and resources for the region. Things such as a new music concert series, Dakota composer residencies, a student-run music press to experiment with self-publishing, and assembling materials for high school students interested in composition.
NDSU is an interesting place to do all this. We have a named and endowed School of Music within a comprehensive STEM-focused Land Grant university, which puts us in an ideal place for both collaboration and outreach. We already have a full range of academic music programs from the BM to the DMA. Our undergraduate music curriculum already requires Music Entrepreneurship which intersects with the university’s entrepreneurship initiatives. And NDSU is already quite new music friendly, with the annual Fissinger Composition Contest, the new Pilafian Composition Contest, and regular performances of works by living composers.
So looking at the reality of the new music scene in North Dakota and what the future of music composition might be like, we’ve tried to make the degree as flexible as possible. Composers have to know a little bit of everything, so we’re having them do the same instrumental or vocal performance requirements as our BA/BS students do. Proficiency on piano, conducting, counterpoint, advanced theory, and instrumental arranging, of course. But then we’re also opening up a chunk of electives for the degree, giving students the opportunity to gain some additional specialization or marketable skills. This might include taking some of the music methods classes to learn how to play all the instruments. Or taking on a certificate or minor through the college of business, such as Entrepreneurship, Accounting, Business Administration, Management Information Systems, or Community Development. Or pursuing minors in Creative Writing, English, or Theatre Arts. Or there’s the certificate in Publishing.
The hope is to twofold: To create resources and opportunities for composers in the Dakotas, and to create a composer incubator which gives students the tools they need to be successful musicians in the region and the world.
Oh and that writer’s block finally lifted. I have a new song cycle of hilarious poems by Mark Vinz that are getting the finishing touches soon, to be premiered in February.
The more I’ve composed, and the more I’ve taught music, the more I realize that there’s just so much interesting stuff out there to learn, a lot of which intersects with music composition. Psychology of creativity, business administration, critical theory, aesthetics, higher education administration–these are all things that sound terribly interesting.
Cassie’s work at NDSU affords me a half-tuition waiver, so this spring I decided to become a bison. An entire degree seemed like a bit much given the rest of my workload, but some of our graduate certificate offerings seemed like a good place to start. The most logical, I reasoned, was the graduate certificate in Publishing, which is offered through the College of Arts, Humanities, and Social Science working through the North Dakota State University Press. Even though NDSU’s press is a literary press, the business side of things and the publishing process would be the same as it is in music publishing. After all, everything I know about publishing music is from 1) trial and error or 2) things I read on the internet.
I had to check my transcript, but even though I defended my dissertation in May of 2014, the last seated class I took was Dr. Ken Stephenson’s Bartok, Prokofiev, Chicago in the summer of 2013. So, seven years after being a student, here I am again, this time with experience from the other side of the classroom.
So we’re over halfway through: here’s how it’s going. For starters, it’s the first time I’ve been in a class in a while where I haven’t been in charge. This is great, in some ways it’s like a mini-vacation in the middle of the day. Make no mistake, it’s real work. But it’s nice to follow instead of leading for a bit.
There’s a ton of reading:
It looks like a lot, but it doesn’t seem like a lot. Maybe part of it is because it’s real, actual work. These are live projects. The poetry acquisitions project will result in us picking one of those books of poetry to publish. The novel will be printed with my edits. The advance review copy needs someone to proofread it. Everything we do in class matters.
My graduate project for this class involves creating an online music publishing boot camp.
This has made me think of quite a few things, to come later.
When I first built Liszt, it required (logically) that users have a username and password. Well, more correctly, it required that I have a username and password, since I was the only one using it. As it grew and I got better at programming, I kept slightly upgrading the credential process and permissions system–the last iteration used a salted password based on a proprietary hashing algorithm.
When storing usernames and passwords, the worst way to go about it is to store passwords in plain text. If your password is “password”, then you just put “password” in the database. Hashed passwords are a little better. It involves taking a one-way Hash, which is a way to take a variable length string like “password” or “pwd” and maps it to data of a fixed size, like 36 characters. The problem here is that if multiple people have the same password, if a bad actor were to steal the User database in Liszt, they could cross reference hashed passwords with password hints.
Liszt never had password hints though, so…but whatever.
Encrypted passwords are alright, but since encryption has a sibling named decryption, it’s safe only as long as the encryption key is safe.
The safest way to store passwords oneself is to combine the user’s password with what’s called a salt. In the case of Liszt, I took a hashed combination of the users ID number, combined with a hashed combination of the user’s password, hashed the result for good measure, and saved that in the database. That way, even if everyone had the same password, it wouldn’t show up in the database as the same password. Everyone gets their own gibberish.
Much of my philosophy on how to properly authenticate users comes from YouTuber Tom Scott–most specifically, his “How Not to Store Passwords (https://www.youtube.com/watch?v=8ZtInClXe1Q, which I’ve just explained in brief) and “The Fictional Day Google Forgot to Check Passwords” (https://www.youtube.com/watch?v=y4GB_NDU43Q). And as I onboarded more and more students, it made more sense to start using alternative providers–Since most clients used Microsoft Office 365, having Microsoft handle the authentication made the most sense. That way, I never have to deal with the passwords.
I wrote much of the code to handle the OAUTH login myself, based on snippets I found online and bolting them to Liszt’s Single Sign On system. Liszt doesn’t use external frameworks for the simple reasons that 1) They either didn’t exist and I wasn’t smart enough to use them when I get started, and 2) It would be a massive undertaking now, and Liszt is kind of its own platform. Because of this, I didn’t use a lot of third-party libraries.
In late 2020, I finally integrated the PHP package manager Composer because I needed it for some storage work I was doing (maybe a blog post in there too), which opened up the possibility of using some existing packages and modules I previously either didn’t use, or integrated manually. One of these things is the League of Extraordinary Packages’ OAUTH Client.
At the beginning of 2021, Liszt contained four login systems. The first was the original Liszt username/password combo, the second was Microsoft 365 for registered users, the third was Microsoft 365 for students and clients, and the last was
A hacked-together beta version of the Google OAUTH code, which worked fine on the Google end, but I never really properly wrote the Liszt end. My work in January has been to reduce Liszt to one login system that can handle multiple providers. Which is…really what I should have done at the beginning.
This sounds reasonably simple, but here are some of the challenges:
Also, I wanted the following:
So there’s just a ton of access control flow going on. Here’s what that looks like now.
For starters, when I coded the original Liszt Office 365 login setup, I used my personal email account. Since we’re upgrading, I moved it to NoteForge. Sound easy? Yes. Is easy? Microsoft now requires that commercial or business accounts be verified, which is a reasonably straightforward, though undocumented process. What that ultimately means is that instead of this:
Liszt now asks for permissions like this:
Even though it’s the same app, in the view of Microsoft it’s different, so all users will have to re-authorize Liszt. Only this time, it comes with a nice blue checkmark.
So Microsoft (or Google or whoever I end up using as providers) verifies the login–Liszt never sees the password or login information, it just gets Profile information, who you are, what your email address is, etc. Then Liszt has to figure out what to do with you. And that flow is, simply, complicated.
The most straightforward cases are either registered users or identified clients/students logging in–It just passes the info on to the appropriate part of Liszt. Next are users or clients who haven’t logged in before and need their Microsoft username applied to their Liszt profile. Reasonably simple.
What about Clients who are trying to log in as Users? Or vice versa? Now Liszt tries to nudge you in the right direction:
Alright, we have those. Next up are people who are clients in multiple Liszt sites–which are arguably few, but better to take care of this now while I know what the code does. If you’re logging in at the wrong place, Liszt will now try to nudge you towards the right client site.
At NDSU, we tried allowing students to self-enroll in 2019, and that worked really well. But, it was a completely manual solution. As in, I wrote some code that said “enroll at this website, get attached to the Marching Band.” With this system, I’ve built in hooks to allow students to self-enroll by inputting a code, which will grant them the appropriate access and assign them to the appropriate groups. That’s not hooked up yet, but it’s ready to be written.
People who are logging in who just need to be fingerprinted? That’s easy–since we’re not checking them against a database, we just package their data and send it to the appropriate Liszt-built system.
Finally, there’s the user onboarding flow, which is designed for creating new registered user accounts. That group will either want to get access to an existing site, or to create a whole new site. That last group, I’m not ready to automate yet, so Liszt collects their information and creates a workorder. Those new users to an existing site, however, now get the option to type in a secret code (provided by the administrator) which creates a permissionless user for that site. Admins can go in and assign the required permissions afterward.
Complicated? Sure. Better in the long term? Way better. In fact, I coded the Google login code for the system in about ten minutes this morning.
Progress? Very yes.
The new version of the Liszt login system goes live later this week.
I did a lot of nonsense teaching things last semester. Or rather, things that seem like nonsense, but that are grounded in my composition/creative and programmer/system-building tendencies. Some of these things worked. Probably the last part of a 3-part series that I thought I’d forget about but somehow didn’t.
Part 1: Late Work Passes
Part 2: Choose-your-own-adventure Projects
I read somewhere (if I had to guess, it was in A Perfect Mess) about how the most efficient use of crosswalks is when about half of pedestrians waited for the lights to change, and about half of pedestrians dart across the street to dodge traffic. If everyone were to wait, it would be terribly congested. If everyone were to ignore the signals, it would be chaos.
This semester I let my students pick their own due dates. Which sounds like madness. Here’s why it wasn’t.
I got this idea originally from Sanna Pederson at OU, who used to let us turn in our graduate musicology term papers whenever we wanted to. This worked fine for grad students, or at least it worked fine for me. Presumably if it didn’t work, she wouldn’t have done it.
For Entrepreneurship and Skills for Academic Success, students picked their own due dates, with some restrictions. In Entrepreneurship, required projects had set due dates, while optional projects were left to student discretion. For Skills for Academic Success, students could choose their own due dates, but one project had to be completed each week. (More information on the curriculum in Part 2).
In both classes, the first project is a “semester plan” where students plot their assignments for the semester. They get credit for schedule management, which is exactly what I want them to do as part of these classes. If they need to update their semester plan, they can do so via letter.
I kept track of all this in Excel, because Blackboard was no help.
As I mentioned in part 1 when talking about Late Work Passes, my late work policy is that all work is accepted in the week that it’s due. So if students pick a due date of Monday, I’ll accept that work through Saturday.
In Excel, I had a column for student name, class, and project. Next, I had the student’s due date, followed by a column showing the weekday of the due date (=WEEKDAY(D2)). This allowed me to calculate the late-work deadline with the formula (=D3+(7-E3)), or (=Due_date+(7-(Weekday of Due Date))).
When a student submitted an assignment, I just cross-referenced my spreadsheet to see if the assignment was valid. Like with the Late Work Passes, students basically took care of this and I could have ignored my spreadsheet. But I didn’t. And I won’t.
I figured that this would take up a lot of time, and to offset that I changed up my grading policy. I don’t necessarily need 100 points of gradation to give feedback for creative work, so I moved to check-grading, which looks like this:
Check-Plus: Acceptable; Needs no further work
The submitted assignment is polished, professional, and indicative of the level of work expected from a professional musician. Any improvements to the project would only add to the level of professionalism of the assignment. Receives: 100% of points.
Check: Acceptable; Could improve
The submitted assignment is acceptable and meets the purpose as requested, however, it still leaves some things to be desired such as additional information, formatting, word usage, etc. Receives: 80% of points.
X: Try Again
The submitted assignment is rejected for one or more of the following reasons:
Receives: 60% of points
X-Minus: No apparent effort
The assignment was either not submitted, or the material submitted was so lacking that detailed feedback would be a monologue rather than a dialogue. Receives: 0% of points
Basically, for every assignment you submit, you can get an F, D, B, or A. But because I’m interested in feedback and iterative change, any check-graded assignment can be corrected and resubmitted for a newer grade, as long as it’s resubmitted by the end of the week it’s returned. Which is nice because it forces me to return work on Monday or Tuesday.
It also works recursively. Turn in an assignment, get it returned. Correct the assignment, get it returned. Correct the assignment, get it returned. It’s not only choose-your-own-due-date, but choose-your-own-grade, since you can keep submitting a project until your grade is where you want it.
In short, like it was supposed to, mostly. Let’s break it down into the due dates and the grading.
For the due dates, there was some legwork to get everything set up in Excel. But students who would normally follow due dates followed their own due dates, and students who have trouble with due dates had trouble with due dates. I think that fewer students had trouble following the due dates this semester, but I’m not quite sure. Students who totally missed due dates who came to me during the last weeks of the semester were given (or rather, just had) the opportunity to edit their semester plan, so nothing was technically late.
Some of the Skills for Academic Success students were pretty lackadaisical about due dates–they were close, -ish. I’m chalking that up to COVID.
My intention this semester was to have sample due dates available as part of the assignment slates in Entrepreneurship (for those students not wanting to pick their projects a la carte). I didn’t get to that for the fall, but I’ve updated that for the spring.
The big thing that comes up when I tell people I let students pick their own due dates is that everyone will just pick the end of the semester. They really don’t. Maybe they’ll pick the end of the semester for a major project, but otherwise they’ll pick reasonable due dates.
Due dates didn’t surprise me too much. I’d do it again.
Grading, on the other hand, that kind of surprised me.
What surprised me in one sense is that it removed the middle from my classes. There were students who did nothing, and there were students with full credit, and almost nobody in the middle. Then I realized that with the resubmission process, this is how it should look. Then it corrected itself as the semester went on, which was even more surprising. The occasional student took advantage of grade re-submission, but not as many as should have. The class probably should have generated a bunch of As and Fs. There was a bit of a middle.
Students generally turn in acceptable work or none at all. This is probably due in part to the fact that I only used this grading scheme for creative classes, i.e., there are no wrong answers. But if asked to write a bio for the first time, or write up a travel budget, they do satisfactory work. Or none.
The idea of doing no work baffles me, and I have no correction for it.
I’ll probably keep the grading scheme for this spring too, but I’m not totally convinced of it yet.