Learning the World

Our Moodle Wikis were working just fine (well, they were working about as well as the Moodle wiki ever does) until 1.9.4. That’s when they broke; you could select and upload a file (e.g. a photo), but the screen would go white (indicating a PHP error) and your file wouldn’t make it to the wiki. As we have a number of wikis that upload photos, this was a problem.

The issue appears to be a change in the default settings for the wiki. Making the wiki configuration tweaks described in this Tracker report fixed the problem:

• MDL-10641 Wiki binary files option broken

In 1.9.4, Moodle introduces a new security report tool which compares your Moodle roles against different security risks. My colleagues and I just spent the afternoon puzzling through the flags that 1.9.4+ raised in our test Moodle install. Unfortunately, “puzzling” is the optimum word here: we spent a big chunk of time just trying to understand what the report was trying to tell us. Here’s what I learned.

To start, you need to understand how Moodle tolerates risks based on roles (defined under “Risks” in the Moodle Docs wiki.):

• Guest – only capabilities without any risks are allowed
• Student – certain capabilities with spam risks are allowed
• Teacher – certain capabilities with XSS and privacy risks are allowed
• Administrator – all capabilities are allowed

This is important because any custom roles you’ve created are evaluated based on the legacy role that spawned them. So if you start with a student role, and give it some more advanced teacher-like options that allow XSS capabilities, then Moodle will set a critical warning flag because its exceeded the capabilities normally associated with a student.

I need to doublecheck this, but I think that if you change the legacy role associated with the custom role in question to “teacher”, then your custom capabilities will remain the same, but the report will run against the more permissive teacher role. That said, you may not want to get rid of the warnings (since it is helpful to know what a “super student” role could get themselves into) but at least this write-up should help you understand them.

I’d love to see Moodle create a more user-friendly report that says something like:

• “Your role ‘Teacher Assistant’ is based on the legacy role ‘Student’. By default, students are not allowed to have capabilities that permit Cross Site Scripting (XSS), but your custom role allows the following XSS capabilities” — I’d then include a list of the problem capabilities.

You can contribute to improving the Security Report by reading/commenting on this tracker item:

• MDL-18078: Provide a feedback for the admin in order to explain him/her what to do to fix the security problem rised up by the security report

I just ran into an obscure error on our Shibboleth-based implementation of Moodle; when accessing the site with Firefox 3/WinXP a user reported the following error:

“overLIB 4.10 or later is required for the CSS Style Plugin”

A little searching revealed that this is apparently a problem with the browser’s cache; clearing the cache causes it to go away. If you’re proxying Moodle, you may need to clear the proxy’s cache as well. There’s no Tracker item for it; I thought of adding one, but this isn’t really a Moodle problem — it’s a browser one.

• moodle.org: Overlib problem (moodle thread discussing the problem and fixes)
• octette.cs.man.ac.uk overLIB 4.10 or later is required for the CSS Style Plugin

Audio recording tools for Moodle are something that’s come up several times on campus. English and foreign languages faculty would love to be able to use such a tool with students; in English they’d use it to work on student’s inflections and readings of poetry, while foreign languages would use it as part of spoken language critques.

I experimented with using NanoGong to do this, but unfortunately it was just too unstable; the Java applet running it refused to save files on two of the three computers I tried it on … including computers on which it had worked.

COVCELLL has created the audio recording assignment that works with Moodle 1.9. I haven’t had a chance to try it yet, and would love to hear from anyone who has.

Marketing Pilgrim’s posted their list of the most useful plugins for new bloggers. Of the plugins on this list, I can personally recommend Akismet; no blog should launch with out it. A lot of my friends in the hobby game blogosphere use CommentLuv. I’ve taken advantage of it while posting comments, but have never installed it on one of my own blogs.

Moodle has a nasty habit of leaving specail characters in file names after you unzip an archive. It will strips these characters (like apostrophies) from a file when that file is uploaded individually, but if you upload an archive, that process doesn’t happen.

The problem comes when you try and delete that file — Moodle’s scripts can’t handle the special character, and refuse to allow you to move, delete or otherwise modify the file. Fortunately, a fix is coming in Moodle 1.9.5 thanks to the work of Charles Fulton of Kalamazoo College at Hack/Doc Fest III at Reed College in January 2009.

You can read about it in tracker here:

• MDL-237 Special characters left in filenames after unzipping

A patch is available via tracker. A fix will be available in Moodle 1.9.5.

NextGEN Gallery, the popular image gallery plugin for WordPress, has a new version out. v1.2.0 includes a couple of tweaks and bug fixes, but the big thing to note is that it no longer includes the JW Image Rotator, which is the Flash image manipulation tool that allows NextGEN to generate slide shows.

It was removed to avoid licensing conflicts, but no fears — it still works with NextGEN, but now site admins (like me) need to go grab a copy of JW Image Rotator when they install/upgrade the plugin. This won’t affect your site or blog at Lafayette; I’ll be sure to include the file when we do the upgrade here.

Here’s my test of audio/video screen capture using ScreenFlow, in which I use Google to find Waldo. It was recorded on a Mac OS X 10.5 machine with a Logitech Desktop Microphone.

The final Quicktime video is 960×600 pixels (about 50% of the original screen size) It is 1.04 minutes long, and 7.7 MB in size. I used the “Web – High” setting (H.264 video encoding at 850 kbits/sec. AAC sterio audio at 96 kbits/sec). The original video was full-screen; I didn’t attempt to do a full-size export.

Observations: ScreenFlow offers a lot more options than Silverback. For example, when doing the capture I could choose which of my Mac’s iSight cameras I wanted to use (the MacBook Pro’s built in iSight or the one on my external monitor) as well as which monitor to use (the MacBook’s or the external one). It includes 11 export options, and a number of video tweaking options within the program, including the ability to move/resize the picture-in-picture video and the ability to add on-screen text. I like Silverback for its fire-and-forget nature, but I think ScreenFlow offers us more long-term flexibility.

Download

I’ve had great luck using NextGEN Gallery in my WordPress MU pilot install at work, but we have run into a few MU-specific hiccups with the flash file uploader and the location of the file image rotater. This led me to suggest some site-wide configuration options for the plugin in the WordPress support forums:

http://wordpress.org/support/topic/251863?replies=1

Here’s what I suggested:

The Default Image Rotator location

The plugin attempts to guess the default location for the imagerotator.swf file based on the assumption that the plugin is installed as part of a standard WordPress installation. This makes the path something like:

http://www.example.com/username/wp-content/plugins/nextgen-gallery/imagerotator.swf

Unfortunately, in a WordPress MU install, the plugin is not located in the user’s directory; instead it’s in the main plugins directory. e.g.:

http://www.example.com/wp-content/plugins/nextgen-gallery/imagerotator.swf

It’d be great to have a global option that allows me to specify what the default path should be for all of the NextGEN galleries on the WordPress MU install.

Global “Disable Flash Uploader” option

The Flash uploader has been problematic on and off for a while. While 2.7 got it working on non-secure sites, there’s a known issue with Flash and https that prevents it from working in sites secured with https.

NextGEN allows users to disable the Flash uploader on a per-site basis, which is helpful, but I’d love a global option that would allow me to disable the Flash uploader site-wide.

If these options sound helpful to you, please drop by the forums and add your voice to the conversation.

Google’s announced support for seamless integration between Moodle and Google Apps thanks to the work of third-party developer Moodlerooms:

Moodlerooms, a SaaS provider of Moodle, just launched an application built on the Moodle platform that lets school admins bring Moodle and Google Apps together with a single sign-in. So now, students who told us they didn’t want to sign in to multiple environments – like an LMS to get their course content and a productivity suite like Google Apps to actually do their work – have the answer they’ve wanted.

If you’re wondering about how this is technically done, read on:

Moodlerooms used the industry standard SAML 2.0 and OAuth protocols to securely integrate with Moodle, building on open extensibility features of Google Apps Education Edition. Using these extensibility features, any educational software vendor can take a similar approach to provide user directory synchronization, single sign-on, and user data integration with their service.

This is cool and all, but there is a downside, as illustrated by a recent bug Google accidentally introduced into Google Docs that allowed documents in Google Docs to be shared with anyone you’ve ever shared a doc with. The bug only affected .05% of users, but still it illustrates the potential drawbacks and dangers of using a web cloud-based app like Google Docs. Which isn’t to say that Moodle itself is perfect, but you’re increasing you’re exposure by relying on two web-based apps.