Pages: 1 2 3 4 5 6 7 8 9 Next

Quotable Quotes: “Spam Profile Campaign on Moodle Websites Continues”

October 6th, 2008 Send to a Friend Send to a Friend

TOKYO (MacHouse) - 3 days ago, we reported that as many as 72 websites with open-source course management system package called Moodle were spam-exploited by an organized cyber criminal group. The list of victimized websites has grown. Newly spam-exploited websites include those of

Saint Lous University School of Medicine (See Screenshot 01.)
Global Production Engineering
Met e-learning
Northern States Conservation Center
Mansoura University Learning Center (See Screenshot 02.)…

See complete post at: http://seo.mhvt.net/blog/?p=550

Quotable Quotes: Moodle “Front page hacked — again!”

October 6th, 2008 Send to a Friend Send to a Friend

Lots of Moodle security issues reported over the past few weeks…just browse the Moodle Security tag on this blog. A core developer and Moodle HQ employee “Highly recommended” everyone upgrade who is running versions 1.6 to 1.9 in a moodle.org forum post about a week ago…can you find that upgrade recommendation?  See the following post: http://www.moodleus.org/blog/?p=312 

Have you received your security alert from Moodle HQ informing you of the need to upgrade? Neither have I ;-)

Security Through Obscurity? I don’t think so!

Moodle Hacked Again

Source: http://moodle.org/mod/forum/discuss.php?d=107591 

Quotable Quotes: “I do not even want to guess how my personal password became the current key.”

October 6th, 2008 Send to a Friend Send to a Friend

Moodle automatically changing course enrollment keys to the teachers personal password? One would think if a problem like this was reported in the moodle.org forums, someone at Moodle HQ would at least comment on the issue…well, one would think.

You can click on the link below the screen capture to see the entire thread. This problem was reported over 2 weeks ago and no comment from anyone at Moodle HQ.

Humm…maybe they are still having a hard time finding these since there is still no security forum on moodle.org…the clock is still ticking (99 days, 9 hours) on that one!

But, in the meantime, my regular Moodle HQ readers can keep up on the security issues by continuing to read this blog. Let’s see how long it takes someone with a bunch of avatars under their name to reply in that thread now ;-)

Security Through Obscurity? I don’t think so!

Moodle Security

Source: http://moodle.org/mod/forum/discuss.php?d=106109 

Moodle Test Questions & Security…or not!

October 5th, 2008 Send to a Friend Send to a Friend

Moodle Security Through Obscurity? I don’t think so!

Once again, test it for yourself…the video says it all!

The site is here: http://extremeclassroom.com/lms19/

The course is: Test Course 2

The login is:

Username: moodlestudent
Password: moodlestudent

Where’s the Beef…Moodle?

October 3rd, 2008 Send to a Friend Send to a Friend

One of my readers sent me the following graph the other day, so I figured since Moodle HQ likes numbers so much, I would post these for the disciples to consider. Now any artist will tell you “A picture is worth a thousand words”…so, what does that picture say to you?

Roles activity report

Maybe it’s saying something like this….

Over the summer, many Moodle admins decided it was finally safe to upgrade from 1.6 to 1.9…everything seemed to go well.  Now it’s September, the teachers are back, and are discovering all the roles related problems.  The administrators realize that they can’t fix the problems because they don’t understand roles, so they post to moodle.org. Then they discover nobody, not even the developers who developed them, understands them either…this becomes painfully clear by the lack of response to their cries for help in the forums. Of course, moodle partners, like all good business people, see this as an opportunity and, well, you can guess the rest.

There is also another very interesting transformation happening in the moodle.org forums directly related to these roles issues. As someone who has been following the discussion forums and the development of Moodle for the past few years, I can’t help but notice how the Moodle development has shifted from a teaching/learning focus to an administration focus and nearly all the discussion in the forums now revolve around administration issues. Moodle.org now looks more like a set of discussion forums for a student management system than a learning management system.

Think about it…since Moodle 1.5 what teaching-learning tool improvements have been made in Moodle?

– Let’s see…you’ve lost workshop, exercise, and journal.
– You’ve lost significant ability to manage and configure your discussion forums since many of the most important forum settings have been moved to role overrides…and we know, allowing teachers to override roles is “very dangerous”
– The forums themselves, have had no added functionality since 1.5…you’ve only lost functionality since the implementation of roles. 
–The Wiki is still useless…no better illustration of that than the fact that moodle.org chooses to use MediaWiki instead of its own wiki.
– The moodle blogs haven’t been improved since they were implemented and they are so bad, that when a Moodle Partner finally started a bog, he started one on Blogger.
– There have been no improvements, or even changes, to Chat since it was implemented. Still no way for the teacher to do simple things like make their own name show in a different color-font size so they can be distinguished from others in a chat. Not to mention features like you have in skype rooms. I’ll bet you think Moodle developers use chat for their own developer meetings don’t you? Wrong…they don’t even use Moodle for those online meetings.
– In short, there have been no major additions to the teaching-learning tool set in Moodle and no major improvements to the teaching-learning tools since version 1.5. 

What has changed since Moodle 1.5?

– In 1.6 you got unicode.
– In 1.7 you got Flexible Roles and Capabilities and a completely broken Moodle system.
– In 1.8 you got a recovery from the disaster that was 1.7. Now Moodle actually, sort of, worked again.
– In 1.9 you got a gradebook that is just about as complicated as roles. And, the site administration block has grown to at least four times the size it was in 1.6 with an ever increasing set of complicated ”admin checkboxes and drop-downs”. 
– So, in short, virtually all the development since 1.5 has been in the areas of administration, management, testing, and grading. Not exactly a social constructivist/constructionist focus, wouldn’t you say?

The trend seems pretty clear to me…the bun (admin stuff) keeps growing and the beef (teaching-learning stuff) keeps shrinking. Makes one ponder the famous question:

Where’s the Beef?

Where\'s the Moodle Beef?

Hummm…now that I think about it…this sounds like a “Frances Issue” doesn’t it? Wouldn’t be surprised to see this pop-up in the “lounge” and generate a whopping three thoughtful responses from disciples ;-)

Quotable Quotes: “Help! I locked myself out of Moodle!”

October 3rd, 2008 Send to a Friend Send to a Friend

Wow…now there’s a problem we haven’t seen before <wink> <wink> :-)

In reading the Moodle Partner’s response to that post I detect a sense of resignation to the fact that this is something that’s just going to happen, so expect it and just live with it. I’m not sure how acceptable it is for people to just expect to be locked out of their site, but there you have it…

I really should rename the category I file these in from “Weekly Roles Victim” to “Hourly Roles Victim”, but I just don’t have time to post all of them here ;-)

Roles…the worst decision in Moodle since Moodle!

Moodle Roles Victim

Source: http://moodle.org/mod/forum/discuss.php?d=107421 

Quotable Quotes: “Everything was cool until last Thursday when I was poking around in the Roles and Permissions (Define roles) area, and noticed that Students, by default, were allowed to do ‘Anything on the site’!!!!”

October 2nd, 2008 Send to a Friend Send to a Friend

Hummm….well, I would say that’s a good thing to notice.

Here’s another one for you Howard…hope it’s not your day off ;-)

Roles…the worst decision in Moodle since Moodle.

Moodle Roles Victim

Source: http://moodle.org/mod/forum/discuss.php?d=107333 

Correcting the record…

October 1st, 2008 Send to a Friend Send to a Friend

Looks like the subject of one of my posts felt the need to correct the record. See the comments in the following post for the correction…and some interesting logic ;-)

http://www.moodleus.org/blog/?p=313 

Moodle Scalability & Reliability?

October 1st, 2008 Send to a Friend Send to a Friend

Recognize this? It’s a pretty common occurrence on moodle.org. If the gurus can’t keep moodle.org running, do you really think you can keep your institutions LMS running on Moodle? Something to consider when considering Moodle as your production LMS. LMS reliability for a few teachers and students is one thing…reliability for your entire campus?

Moodle Scailability and Reliability

Quotable Quotes: “Admin cannot assign roles in courses and other bad problems after upgrade to 1.9.2″

September 30th, 2008 Send to a Friend Send to a Friend

If you’re thinking roles only causes problems for new, inexperienced Moodle admins, think again. The problem reported below is from a long time moodle user, administrator, trainer, moodle documentation writer, and dedicated Moodle disciple. I’m sure a partner can fix this for a reasonable fee ;-) 

Roles…the worst decision in Moodle since Moodle!

Moodle Roles Victims

Source: http://moodle.org/mod/forum/discuss.php?d=107139 

Moodle Security Through Obscurity…or in this case, by Accident!

September 29th, 2008 Send to a Friend Send to a Friend

I reported on a possible moodle security exploit about a week ago here on my blog…see post at link below:

http://www.moodleus.org/blog/?p=301

Moodle HQ finally “discovered” the exploit a few minutes ago…humm…still think Moodle HQ takes Moodle security seriously? I’m happy Moodle HQ stumbled across this problem, but I’m not sure relying on stumbling across security problems is a good strategy. Eloy ”highly recommends” everyone using versions from 1.6 to 1.9 upgrade…I wonder if Moodle HQ will expect everyone to stumble across the post below in order to get that information ;-)

The clock is still ticking on that dedicated security forum on moodle.org….92 Days, 16 Hours and counting ;-)

Security Through Obscurity? I don’t think so!   

Moodle Security Exploit

Source: http://moodle.org/mod/forum/discuss.php?d=106616#p470865 

Quotable Quotes: “On Moodle, where things are very hierarchical, there are a few people dominating “conversation” and stifling most other ideas.”

September 29th, 2008 Send to a Friend Send to a Friend

The quote above is from some live blogging by Stephen Downs. He must be very familiar with moodle.org as well ;-) Evidently, he was blogging during a presentation on PLEs (Personal Learning Environments). I’m very skeptical about how well one can actually absorb, understand, and evaluate a presentation when they are writing and passing judgement on the presentation “during” the presentation (I don’t buy-into this popular idea of people’s unlimited milti-tasking abilities), but he does make a couple of good points. I think the most important point he made in that live blogging session was an observation on Moodle and other VLEs. Simply calling something a “social constructivist platform” doesn’t actually make it one…listening Moodle HQ ;-)

Stephen is noting that the different ways that people are organizing themselves online for the Connectivism course (i.e., Moodle, Second Life, Ning, etc.) are impacting the quality of the conversation. On Moodle, where things are very hierarchical, there are a few people dominating “conversation” and stifling most other ideas. Bloggers are more open, diverse, etc. (represent more of the semantic principles)–having more “productive” discussions. No one is dominating the conversation–everyone is heard, everyone has a voice.

Source: http://michelemartin.typepad.com/thebambooprojectblog//2008/09/liveblogging-st.html

I’m just assuming the quote above is Stephen’s…it could be from someone else blogging about Stephen…it’s difficult to tell with the way it was written. Anyway, the importance is not in who said it…it’s in the truth that is being spoken.

Quotable Quotes: Moodle Gradebook…”…programs written for Windows 95 could do it easier.”

September 29th, 2008 Send to a Friend Send to a Friend

If you are a longtime moodleuser, then you should understand that moodle users are already “united”. A very few of them with lots of avatars under their names are united around the moodle.com mission. If you’re not a paying customer, you’re simply a nuisance in their eyes.

Moodle Gradebook

Source: http://moodle.org/mod/forum/discuss.php?d=107018

In fact, there is another discussion on moodle.org happening right now and the answer given there to a user problem illustrates my point perfectly. The answer is pretty clear…here is the interpretation. “You’re not a paying customer, so stop whining.” And you thought this was a “community” driven by open source principles? ;-)

Moodle Users Stop Whining

Source: http://moodle.org/mod/forum/discuss.php?d=106982 

Lies, Damned Lies, and [Moodle] Statistics

September 28th, 2008 Send to a Friend Send to a Friend

I received the following from one of my readers a couple of days ago.

I recently noticed this announcement by Helen Foster on moodle.org site news:

As the statistics show, our community continues to grow rapidly.
We have over 1,500 new users registering each day.
Congratulations to our 500,000th registered user, who wins a T-shirt from the Moodle Shop. [Source: http://moodle.org/mod/forum/discuss.php?d=105549]

Once you register with moodle.org, there’s no way to unregister.  You are a member for life!  So this number is like the number of people who have passed through Grand Central Station.

I just ran Xenu (broken link checker) on all the sites listed on moodle.org/sites.  Of the 36,000 sites listed, at least 4,000 (11%) do not exist or do not respond.  I did not get the complete count because my virus program was going crazy during the check, warning me about sites designed to steal passwords, download trojans, etc. 

Of the “OK sites,” I’m sure the vast majority are inactive.  For example, the high school district where I used to teach recently gave Moodle the boot.  But I’m sure their 13,000 registered users and hundreds of shell courses will continue to be counted.

There are a couple of very good points in that observation.

  1. Once you create an account on moodle.org there is no way to delete the account.
  2. Once a site is “registered” there is no way to “unregister” and even if there were, no one would do it.

There are some other very good points that weren’t mentioned in the observation above…

  1. The moodle version and build information that is included in the footer of every moodle site also feeds back to Moodle HQ so they can include virtually every Moodle code base on the Internet in their “stats”…forget the security vulnerability this creates.
  2. Anyone with a $3 per month hosting account and Fantastico can install as many moodles as they want with a couple of clicks. Just consider how many you have installed? Now, consider how many of them you actually use. I’ve probably installed Moodle a thousand times over the past few years.
  3. Moodle HQ would have you think that One Moodle Install = One Blackboard Install, similar to what this fool tried to claim in one of the most ridiculous Moodle propaganda pieces on the Internet…that is, aside from all the disciple propaganda in moodle.org ;-)

I wonder if the t-shirt Moodle HQ is sending to that “500,000th registered user” comes in Bot size? By my calculations the probability of any random account created on moodle.org belonging to a computer bot is about p>.965…see, I can generate stats as well ;-)

500,000th Registered Moodle User -- Mr. Bot
Meet Mr. Bot…the 500,000th registered moodle.org user….and the 499,999th, and 499,998th, and 499,997th, and 499,996th, and………….well, you get the point ;-)

Reference: Lies, Damned Lies, and Statistics — Benjamin Disraeli

The General speaks…and all other “would be critics” had better take notice ;-)

September 28th, 2008 Send to a Friend Send to a Friend

The next time you decide to open a post on moodle.org, ask yourself first, would the Disciples approve? It seems moodle disciple and one of the lead Moodle HQ Generals, is still having a tough time with the whole social constructivist thing ;-) See the complete thread at the link below.

Moodle Disciple

Source: http://moodle.org/mod/forum/discuss.php?d=106982

Moodle Admin Email Security Exploit?

September 25th, 2008 Send to a Friend Send to a Friend

There is an interesting discussion [well, between two users at least] on moodle.org about a possible admin email/messaging system security exploit, but since moodle.org has a dedicated discussion forum for virtually everything except for Moodle Security, you may have a difficult time finding it. See the discussion at the link below:

http://moodle.org/mod/forum/discuss.php?d=106616

The clock is still running on the moodle.org security forum.

Security Through Obscurity? I don’t think so.

“HELP…..LOCKED MYSELF OUT”

September 24th, 2008 Send to a Friend Send to a Friend

Roles…the worst decision in Moodle since Moodle.

Roles locked out moodle

Source: http://moodle.org/mod/forum/discuss.php?d=106722 

Over 40 Insecure Moodle 1.9 Sites on One Server!

September 20th, 2008 Send to a Friend Send to a Friend

Well, I thought I had seen it all, but what I found today surprised even me. Over 40 insecure Moodle 1.9 sites on a single server.

The screenshot below is of a moodledata directory that contains over 40 subdirectories that are individual moodledata directories of individual Moodle sites. So you’re skeptical? Well, I can’t say I blame you. I was pretty surprised myself. I’ve hidden the directory names in the screenshot to try and protect the identity of these sites, but this is pretty easy to find with a simple Google search.

Security Through Obscurity? I don’t think so!

Over 40 Insecure Moodle Sites

Screen Captured on 20 September 2008.

Moodle Enrollment Key Security Vulnerability II

September 19th, 2008 Send to a Friend Send to a Friend

The video says it all…


 

Recognize this Moodle site?

September 18th, 2008 Send to a Friend Send to a Friend

This is a very active 1.9.2 Moodle site…is it yours?

Security Through Obscurity? I don’t think so!

Moodle 1.9.2 Hacked

Pages: 1 2 3 4 5 6 7 8 9 Next