Archive

Archive for the ‘Moodle’ Category

Blackboard buys Elluminate and Wimba

July 8th, 2010 2 comments

Now that Elluminate and Wimba are owned by the evil empire I wonder if all the Moodle disciples will stop using them? It’s going to be real funny watching the all those BB haters using Elluminate at their next Moodle developers meeting…and it will be even funnier when Moodle finally realizes it can’t keep up and BB owns them within the next couple of years ;-)

———————————-

In a fact sheet about the purchases, Blackboard officials promised to continue to support both products, including their compatibility with rival course-management systems and open-source systems. “We’ll honor all existing contracts for Elluminate and Wimba clients,” the company adds in the fact sheet.

Employees from the two companies will be part of a new division of Blackboard called Blackboard Collaborate, which will be led by Elluminate’s current president, Maurice Heiblum. READ MORE HERE…..

Categories: Moodle Tags: ,

Another “Interesting” Moodle Site Hacked

June 12th, 2010 No comments

I noticed a post in the moodle.org forums today that grabbed my attention for a few reasons:

  1. It is reporting yet another Moodle site being hacked…that’s about a bazillion and counting now ;-)
  2. It’s not just any Moodle site…it’s actually a site set-up specifically for a Moodle Moot (a type of Moodle conference that typically attracts a hand full of Moodle evangelist)
  3. It was hacked the same day the Moot was scheduled to take place — Ouch!

Here is an excerpt from the person making the post…

This is a very low traffic site. (www.XXXXXXXX.com) that is used for a Moot we held yesterday. I don’t know if someone decided to be cute by hacking the site on the day of the Moot or what but if that is the case I guess it is quite imperative to figure out how.

But what really caught my interest is that he has made several posts about this in the forums and not a single “expert” over there has pointed out that this PHM, who is hosting a Moodle Moot, of all things, is actually running Moodle version 1.9.4 on his site…a version that is around 18 months old. Someone needs to help this poor guy out and tell him he needs to upgrade…of course, that may not help prevent his site from being hacked, but at least the version won’t show in the footer of his Moodle site any longer. You see, Moodle HQ removed that info a few months ago when I pointed out that one of their largest official Moodle partners was hosting sites (and still is, by the way) that were even more out-of-date than this one  :-)

Moodle Security — An oxymoron if there ever was one!

Categories: Moodle Tags:

BP Moodle Site Hacked

June 10th, 2010 1 comment

As if BP didn’t have enough trouble to deal with at the moment, it seems they were running a Moodle LMS site that was hacked and private data (or data that was supposed to be private) was compromised. While this is pretty amusing and I’m sure it’s not on the top of anyone’s list at BP, it does point out one thing any organization running Moodle should be aware of…if someone really wants to hack your Moodle site, it’s typically not a difficult thing to do.

This hack was posted on moodle.org and the very first response, from a Moodle Business partner of course, was well, “They must have modified it (Moodle) and screwed it up.” That pretty much sums up the attitude of corporate Moodle toward security. There are several lessons here, but one of the biggest is, if you are a trillion dollar company, then why in the world would you go with web software that has been proven time and time again to have security holes large enough to drive an 18-wheeler trough just because you can get it “free”? Ever hear of Blackboard?

The blog post:

http://praetorianprefect.com/archives/2010/06/going-after-bp/

The Moodle security vulnerability:

http://www.xssed.com/mirror/67152/

Categories: Moodle Tags:

Google Launches New Course-Scheduling System

May 24th, 2010 No comments

Last week was a big one for Google fans in higher education. Google Wave opened its doors, and Google Voice now lets students get calls forwarded from their old numbers to their new phones. Google made one more announcement last week—about a new course-scheduling system, CloudCourse—that could potentially have implications for higher education. READ THE REST HERE.

And see the second comment in the comments section of the article…that’s coming and it’s a death sentence to the rigid, out-of-date LMS systems like Blackboard and Moodle. Blackboard may survive as it’s evolving into a full-fledged campus management system, but Moodle, being nothing more than a document repository, gradebook, and discussion forum, is well on its way to extinction.

Categories: Moodle, Uncategorized Tags: , ,

How to waste $39.99?

May 5th, 2010 3 comments

Purchase a Moodle 1.9 Extension Development book…

http://moodle.org/mod/forum/discuss.php?d=149501

…released on the same day Moodle 2.0 “Preview 1″ is released.

http://moodle.org/mod/forum/discuss.php?d=149513

Didn’t someone spend the last 2 years completely rewriting the entire codebase for 2.0?

The phrase ”A day late and a dollar (or $39.99) short” comes to mind. But, that’s about par for anything coming out of remote-Learner.

Here’s an idea…take your $39.99, go down to the local book store, rummage through the discount bins and buy a bunch of Windows 95 books for 99 cents each…if you’re into outdated stuff at least you’ll get more for your money ;-)

Categories: Moodle Tags:

Moodle 2.0 wherefore art thou?

May 3rd, 2010 2 comments

Moodle 2.0…the Godsend to LMS users worldwide…under development for over 2 years now…

Someone emailed me today asking: O 2.0, O 2.0 wherefore art thou 2.0?

He/she may have even posted here: http://moodle.org/mod/forum/discuss.php?d=145632

Actually, that is a very good question, but one that doesn’t really concern me. The person who emailed me (why he/she emailed me is a mystery) stated that Martin (you know, king of the disciples), stated at the recent UK moot that he has decreed Moodle 2.0 Stable will be out in July so all in the Northern Hemisphere will be able to upgrade before school starts in the fall.

Really?

I mean, REALLY?

1. It’s May and there is not even a beta,

2. Have you downloaded what is there now? I have and it’s not pretty, and

3. Anyone who upgrades their campus site to 2.0 this summer (alleged stable or not) should be fired for gross incompetence.

Given Moodle’s abysmal track record with security, privacy, and FERPA compliance the real question people should be asking is O 2.0, O 2.0, how secure art thou Moodle 2.0? The answer to that question remains to be seen…but then again, I may know someone willing to help answer that one ;-)

Categories: Moodle Tags: , ,

Moodle — 1990′s Technology in 2010

April 13th, 2010 No comments

Sad…

Categories: Moodle Tags:

More Major Moodle Security Vulnerabilities Discovered

March 28th, 2010 3 comments

Moodle, the open source learning management system, has been plagued with major security and privacy vulnerabilities over the past couple of years with the severity of those issues seeming to be on a sharp upward trajectory. Information about another batch of very serious security and privacy issues was released yesterday (Saturday, 27 March 2010) with notice that everyone needed to upgrade.

Understand…these issues weren’t discovered yesterday…they have been in your codebase for a very long time…they were simply released yesterday to a select few people.

The details of those security and privacy vulnerabilities were sent out to a mailing list on Saturday to every hacker in the world who has bothered to subscribe to the list…subscription to this “advanced notice” list is as simple as pushing one button with no verification of identity required. Ironically, if you look at the release notice for Moodle 1.9.8, this is what you see about the security issues:

The irony?:

1. The details of these very serious issues have already been emailed out to every hacker subscribed to that list by the Moodle lead developer himself. On Monday morning, Moodle admins (who happen to be subscribed to this list) will discover what hackers have known since at least Saturday and probably much longer.

2. By Moodle’s own figures, only 0.001666% of its users are actually subscribed to this security list–of course, they have no way of knowing how many of those actual subscribers are not Moodle admins at all, but are would-be hackers waiting for their “advanced notice”.

“The software is used by 27 million people worldwide, but only 45,000 are officially registered, so it is difficult for Moodle.com to alert everyone.”

Source: http://www.tes.co.uk/article.aspx?storycode=6008670

3. By Moodle’s own figures, that means over 99% of the users have not been notified by this “advanced” notification system.

4. The notice was send out yesterday and it is already posted all over the web–of course, none of the places where it is posted are places Moodle users would be visiting…one, of many: http://pastebin.com/gQyWEszM You can Google for others…

If you are using Moodle in any kind of real-world situation, then you should be very concerned not only about the recent flurry of major security issues plaguing the software, but also about the way official notice is being sent out to hackers while the user-base at large is kept in the dark.

As I’ve said before, it’s my belief that at the same time these issues are sent out to that list, they should also be plastered across the moodle.org homepage and posted to every moodle blog, website, twitter account, etc., to give everyone a fighting chance of defending their sites against would-be hackers.

Just the opinion of one informed user who is not affiliated with Moodle.

Categories: Moodle Tags:

Moodle — 1990′s LMS Technology in 2010?

February 27th, 2010 10 comments

Moodle should make my life easier, not harder. I do appreciate what it allows me to do—post course content without having to fashion an entire course web page on my own, include RSS feeds from other sources, have one central location for grades and hand-ins and such—but I feel that sometimes it is more lacking for power users than for beginners. Good software should accomodate beginners, advanced beginners, power users, and experts equally well, and in this sense Moodle fails.

Source: http://acdalal.wordpress.com/2010/01/11/my-moodle-wish-list/

A very good summary. Moodle is good for beginners who really only need a place to upload some docs, have an online gradebook–if they can figure out how to use it–, and allow students to upload assignments. It does have those features and a few others–essentially the same features it had 5/6-years ago. Hard to believe? Download and install Moodle version 1.5 and look at what it had in 2004/2005 vs what it has today.

http://download.moodle.org/stable15

All the core features are pretty much the same…could explain a lot of the frustrations felt by power users. Yea, Moodle is cheaper than Blackboard, like a Mule is cheaper than a Mercedes. Until, of course, the vet bills (1, 2, 3, etc…) start coming in…then the cost of the Mercedes doesn’t seem so high and it’s a heck of a lot nicer ride without leaving a trail of manure behind it ;-)

Of course, Moodle 2.0 has been in the works for about 2 years now and promises to deliver a revolution to the LMS world once released. Moodle.com has opted out of the Google summer of code this year because 2.0 development demands all their time/energy. So, who knows, maybe 2.0 is what power users like the one quoted above have been waiting for…we’ll see.

Categories: Moodle Tags: ,

Moodle Security, Censorship, and Trust — An Observation

February 3rd, 2010 17 comments

It’s no secret that Moodle, the open-source learning management system, has suffered from some very serious security problems recently. And those security problems aren’t limited to individuals who simply buy a cheap, $5 hosting account, install Moodle using Fantastico, and try to set up an online class when they really don’t know what they’re doing.

In fact, some of the biggest Moodle security problems have impacted customers of some of the largest professional Moodle hosting providers–Moodle Partners–commercial companies endorsed and certified by Moodle to provide professional, enterprise-level services.

One example of this is the Moodle porn spam issue that impacted millions of Moodle sites all over the world–and still impacts an untold number of sites today. This issue received world-wide attention when Primary School Moodle sites, provided by a certified Moodle Partner, were found to be infested with vile pornography.

Source: Primary schools hit by porn hackers
Source: Porn infecting ‘thousands’ of e-learning (Moodle) sites

Another example is the huge security hole first reported here just a couple months ago demonstrating how any teacher on any Moodle site in the world could download the entire user database table and have access to all user information–usernames, passwords, e-mail addresses, phone numbers, etc., for every user on the Moodle site.  Professional Moodle partners all over the world got caught sleeping at the wheel…again.

Source–just one of many: Groot gat in open source e-learning cms Moodle

One would think that an open-source “community” with problems as serious as Moodle has had recently, would invite open and honest communication about its products and services, but you would be wrong.

I don’t know many things for sure, but one thing I do know is that Moodle has not seen the last of these types of problems. The closed, arrogant, intolerant, atmosphere that has been cultivated on moodle.org by the Moodle lead developer will continue to ensure that there is no shortage of people just waiting to expose the next big hole…it’s not a matter of “if” there is another big hole…it’s only a matter of “when” it will bite Moodle (ergo Moodle users) in the rear.

Categories: Moodle Tags: ,
Get Adobe Flash playerPlugin by wpburn.com wordpress themes