Episode 264 - GoogleBook Announcement & Canvas Breach Debrief

On this episode of the K‑12 Tech Talk podcast the hosts break down three major stories shaping school technology: Google's announcement of the new "Google Book" (a reported merge of Android and Chrome OS), growing controversy and litigation around iReady and screen time in schools, and a detailed debrief of the recent Canvas/Instructure security incident with guest Michael Klein from the Institute for Security and Technology. The opening covers Google’s GoogleBook reveal — what the leaked demos show, how the new OS appears to branch from Android while retaining a Chrome‑like desktop, and Google’s assurances that Chromebooks will continue to receive automatic updates and remain manageable via the Admin Console. The hosts discuss uncertainties around device compatibility, hardware requirements for on‑device AI features, pricing concerns for school deployments, and how teachers and students are likely to keep calling them "Chromebooks." Unofficial demo of AluminumOS: https://youtu.be/dXmFIfv_tIA?si=Baw0OInBqJf-IkDD Next, the episode examines the growing backlash against iReady: why teachers, parents and some districts are pushing back, the claims in recent reporting and lawsuits, and how iReady’s heavy usage, diagnostic vs. instructional role, and private‑equity backing factor into the debate. The hosts outline how states and districts are beginning audits and re‑evaluations of iReady’s role in learning and assessment. The final and largest segment is a deep dive into the Canvas/Instructure incident with cybersecurity expert Michael Klein. He walks through the timeline (initial unauthorized activity detected April 29; exfiltration via cross‑site scripting of a free‑for‑teachers account; a later attack that posted extortion notes to some users), the involvement of CrowdStrike, the public claims by the Shiny Hunters group, and Instructure’s statement about an agreement with the actor. The conversation covers the technical nature of the attack, impacts on confidentiality, integrity and availability (including disruptions to finals/registrar functions), the downstream consequences for integrations with SIS and other edtech systems, and why many institutions remain cautious to reconnect APIs. Michael and the hosts discuss practical guidance for parents, students and districts: look out for targeted phishing attempts, enable multi‑factor authentication, consider credit locks and fraud safeguards, run tabletop exercises to prepare for service outages, and demand clearer vendor communication and remediation proof before re‑integrating critical systems. They also explore policy implications — where federal and state incident response capacity and vendor risk management need strengthening — and what trust and verification might look like going forward.