A friend and former colleague at a college in the Philadelphia area is looking for someone who could help their IT staff with making a decision whether or not to switch from Blackboard to Moodle. I'm not sure about the details. But if someone is available and willing, please post a reply here.
Thanks.
In reply to Steven Day
Re: Anyone in Philadelphia area wishing to do consultation?
by ben reynolds -
Can't do f2f, but willing to do phonecalls. I'm in Baltimore. We abandoned WebCT 4.1+ for Moodle 2 years ago. My email is on my profile.
There are also lots of Bb vs. Moodle reports from uni's on the web. Google will go a long way.
There are also lots of Bb vs. Moodle reports from uni's on the web. Google will go a long way.
In reply to ben reynolds
Re: Anyone in Philadelphia area wishing to do consultation?
by Steven Day -
Thanks for your reply, Ben. I think they want a tete-a-tete, but let me check first.
I have seen the comparisons online and forwarded some of that information. But my sense is they want to talk to someone to get yet another perspective.
I have seen the comparisons online and forwarded some of that information. But my sense is they want to talk to someone to get yet another perspective.
In reply to Steven Day
Re: Anyone in Philadelphia area wishing to do consultation?
by ben reynolds -
I hope you get a nibble closer to Phillie, then. If needed, I can set up an Adobe Connect session with them.
I sat on our CMS support committee here when we were weighing which way to go, so I'm familiar with the issues of switching. OTH, if the questions were going to be hardcore IT hardware, I wouldn't be the guy to talk to.
My division started to go w/ Sakai but found it not ready for prime time. So, to Moodle. The rest of the uni took a year or so to decide on Sakai. Except, of course, for the divisions that stuck with Blackboard. "University" is a synonym for "confederacy."
The item I noticed most when we were comparing CMSes was our tendency to think in terms of our current CMS. "Does it have X?" Well, almost no one else calls it "X," so we would think "No X" until someone experimented and found it was called "Fish."
Good luck!
I sat on our CMS support committee here when we were weighing which way to go, so I'm familiar with the issues of switching. OTH, if the questions were going to be hardcore IT hardware, I wouldn't be the guy to talk to.
My division started to go w/ Sakai but found it not ready for prime time. So, to Moodle. The rest of the uni took a year or so to decide on Sakai. Except, of course, for the divisions that stuck with Blackboard. "University" is a synonym for "confederacy."
The item I noticed most when we were comparing CMSes was our tendency to think in terms of our current CMS. "Does it have X?" Well, almost no one else calls it "X," so we would think "No X" until someone experimented and found it was called "Fish."
Good luck!
In reply to ben reynolds
Re: Anyone in Philadelphia area wishing to do consultation?
by Steven Day -
Thanks, Ben. I'll see if they're interested in doing something via Adobe Connect. I don't think they're looking for someone with hardware expertise.
The real questions and issues are the same as you raised in your post. It's a smaller school, so there won't be different divisions to consider. My sense is doing comparisons of functionality and also considering how the switch will impact the actual users.
Cost is one of the reasons for considering the switch, though BB seems pretty reasonable compared to what WebCT was gouging universities for before they were gobbled up by BB. But the fact that they have one staff member working almost full-time on BB issues makes a good case for switching to Moodle.
Thanks again for your help, Ben.
The real questions and issues are the same as you raised in your post. It's a smaller school, so there won't be different divisions to consider. My sense is doing comparisons of functionality and also considering how the switch will impact the actual users.
Cost is one of the reasons for considering the switch, though BB seems pretty reasonable compared to what WebCT was gouging universities for before they were gobbled up by BB. But the fact that they have one staff member working almost full-time on BB issues makes a good case for switching to Moodle.
Thanks again for your help, Ben.
"But the fact that they have one staff member working almost full-time on BB issues makes a good case for switching to Moodle."
That is not likely to change by switching to Moodle and could very well get worse.
That is not likely to change by switching to Moodle and could very well get worse.
I'm no expert but it's clear to me that the vulnerability shown on the clip above is not reproducible on simply "any" Moodle site world wide as educhalk.org claims. It works because of the way he has set up his site.
Here is a posting from his site:
"Another example is the huge security hole first reported here just a couple months ago demonstrating how any teacher on any Moodle site in the world could download the entire user database table and have access to all user information–usernames, passwords, e-mail addresses, phone numbers, etc., for every user on the Moodle site. Professional Moodle partners all over the world got caught sleeping at the wheel…again."
Hyperbolic claim. Seems that educhalk has a bone to pick with Martin and the Moodle community given the ad hominem attack on its users and what he claims is the "closed, arrogant, intolerant, atmosphere that has been cultivated on moodle.org by the Moodle lead developer."
You can read more by going to the URL below.
http://educhalk.org/blog/
By the way, welcome to the forum Jim Jones. I'm impressed by the alacrity of your posting, coming so soon after you joined. Glad the internet is up in Haiti too.
Here is a posting from his site:
"Another example is the huge security hole first reported here just a couple months ago demonstrating how any teacher on any Moodle site in the world could download the entire user database table and have access to all user information–usernames, passwords, e-mail addresses, phone numbers, etc., for every user on the Moodle site. Professional Moodle partners all over the world got caught sleeping at the wheel…again."
Hyperbolic claim. Seems that educhalk has a bone to pick with Martin and the Moodle community given the ad hominem attack on its users and what he claims is the "closed, arrogant, intolerant, atmosphere that has been cultivated on moodle.org by the Moodle lead developer."
You can read more by going to the URL below.
http://educhalk.org/blog/
By the way, welcome to the forum Jim Jones. I'm impressed by the alacrity of your posting, coming so soon after you joined. Glad the internet is up in Haiti too.
Steve, you are wrong about the vulnerability, but as you state, you are no expert. I would have to say that "figaro" is.
Be that as it may, the point being debated is staffing for Moodle, and while there are economies of scale to be had, anyone suggesting that you don't need an admin or two, especially if you venture ourside core, is indeed gulping the coolaid. In fact risk re both issues figaro has addressed in the last year would probably be avoided with hq SA s on staff, though clearly most moodles were at risk. Every update means potential conflicts both in core (less likely but it happens) and in add-on modules requiring maintenance of a sandbox and testing before roll out to production. But that s a matter of professionalism.... and some people skip on that, lol, while others note that we're not talking about banking ;)
I can only say that as someone who has been responsible for federal agency and state systems which hold financial and property data worth many many millions, it is rarely a good idea to blow off anyone. As a lawyer I would suggest that telling your school board that you don't need manpower because there is nothing to worry about would be about as foolish an act as I can imagine (there are boards that don't take matters such as porn on their website lying down, and whether they are over reacting or not, you don't want to be answering their questions...)
Be that as it may, the point being debated is staffing for Moodle, and while there are economies of scale to be had, anyone suggesting that you don't need an admin or two, especially if you venture ourside core, is indeed gulping the coolaid. In fact risk re both issues figaro has addressed in the last year would probably be avoided with hq SA s on staff, though clearly most moodles were at risk. Every update means potential conflicts both in core (less likely but it happens) and in add-on modules requiring maintenance of a sandbox and testing before roll out to production. But that s a matter of professionalism.... and some people skip on that, lol, while others note that we're not talking about banking ;)
I can only say that as someone who has been responsible for federal agency and state systems which hold financial and property data worth many many millions, it is rarely a good idea to blow off anyone. As a lawyer I would suggest that telling your school board that you don't need manpower because there is nothing to worry about would be about as foolish an act as I can imagine (there are boards that don't take matters such as porn on their website lying down, and whether they are over reacting or not, you don't want to be answering their questions...)
Thanks for your reply, Marc.
The original post was not intended as an inquiry about staffing issues. I did express surprise that in addition to paying an annual fee for Blackboard, a very fine CMS, this college also had to dedicate one staff person full time to support. The argument against Moodle that I had heard before is that schools would have to hire someone to set it up and administer it. So it was in that context (though not explicitly). I am well aware that it's not "free beer" but more akin to the "free puppy" analogy posted earlier. It is simply one consideration among many, including security.
As to blowing off people, yes, I am circumspect of certain posters with dubious profiles. I am also suspicious of sites that make ad hominem attacks on people. Seems as though there are other motivations at work. And there are better ways of pointing out vulnerabilities than what I witnessed on that site.
Finally, you're making a fallacious inference about the colossally foolish act of presenting before a school board an argument that "they don't need manpower because there is nothing to worry about." Nowhere do I even remotely suggest this, especially since there is no school board to make the case to in the first place since the institution in question is a college (which I no longer work at). Perhaps your remark was well-intentioned and it's always nice to get legal advice gratis. But you should perhaps read the entire thread to avoid making such erroneous claims.
The original post was not intended as an inquiry about staffing issues. I did express surprise that in addition to paying an annual fee for Blackboard, a very fine CMS, this college also had to dedicate one staff person full time to support. The argument against Moodle that I had heard before is that schools would have to hire someone to set it up and administer it. So it was in that context (though not explicitly). I am well aware that it's not "free beer" but more akin to the "free puppy" analogy posted earlier. It is simply one consideration among many, including security.
As to blowing off people, yes, I am circumspect of certain posters with dubious profiles. I am also suspicious of sites that make ad hominem attacks on people. Seems as though there are other motivations at work. And there are better ways of pointing out vulnerabilities than what I witnessed on that site.
Finally, you're making a fallacious inference about the colossally foolish act of presenting before a school board an argument that "they don't need manpower because there is nothing to worry about." Nowhere do I even remotely suggest this, especially since there is no school board to make the case to in the first place since the institution in question is a college (which I no longer work at). Perhaps your remark was well-intentioned and it's always nice to get legal advice gratis. But you should perhaps read the entire thread to avoid making such erroneous claims.
Whatever your intent, Steve, your statement was,
And, as you note, it is indeed more like a free puppy than a free beer, though there is no such thing as a free lunch except in Juneau.
Now, as to ad hominem argument, the term refers to fallacious argument where one attacks an aspect of the speaker, otherwise irrelevant, for the purpose of suggesting that a flaw in the speaker somehow impacts the speaker's argument (indeed, you are making an ad hominem argument in attacking Figaro.) However, Figaro's argument, as contrasted with yours, addresses the competence of others who purport to be competent, i.e. the competence is relevant, therefore the argument is not ad hominem.
As to how, when and where... Since discussion of the qualifications of Moodle Partners (especially in as much as Martin removed comments made by Gustav Delius re MP's having been vetted, but then added material suggesting that they do meet certain unidentified criteria) have sometimes been difficult to engage in as some posts seem to disappear when the issues are raised, I do have some sympathy for those who discuss such matters elsewhere.
Now as far as fallacious inferences go.... I was using the generic 'you', which does not signify that I was speaking to you personally. I would think that would have been obvious to someone who has a doctorate in language, but then we both know that you were not correcting my misapprehension but looking for an excuse to count coup. I don't know that this is the time or place, but I would suggest that you are coming up short.....
"Cost is one of the reasons for considering the switch, though BB seems pretty reasonable compared to what WebCT was gouging universities for before they were gobbled up by BB. But the fact that they have one staff member working almost full-time on BB issues makes a good case for switching to Moodle."
And, as you note, it is indeed more like a free puppy than a free beer, though there is no such thing as a free lunch except in Juneau.
Now, as to ad hominem argument, the term refers to fallacious argument where one attacks an aspect of the speaker, otherwise irrelevant, for the purpose of suggesting that a flaw in the speaker somehow impacts the speaker's argument (indeed, you are making an ad hominem argument in attacking Figaro.) However, Figaro's argument, as contrasted with yours, addresses the competence of others who purport to be competent, i.e. the competence is relevant, therefore the argument is not ad hominem.
As to how, when and where... Since discussion of the qualifications of Moodle Partners (especially in as much as Martin removed comments made by Gustav Delius re MP's having been vetted, but then added material suggesting that they do meet certain unidentified criteria) have sometimes been difficult to engage in as some posts seem to disappear when the issues are raised, I do have some sympathy for those who discuss such matters elsewhere.
Now as far as fallacious inferences go.... I was using the generic 'you', which does not signify that I was speaking to you personally. I would think that would have been obvious to someone who has a doctorate in language, but then we both know that you were not correcting my misapprehension but looking for an excuse to count coup. I don't know that this is the time or place, but I would suggest that you are coming up short.....
One of several reasons, Marc.
As to ad hominem arguments, unless the "closed, arrogant, intolerant, atmosphere that has been cultivated on moodle.org by the Moodle lead developer" is related to competence, which I do not personally believe it is, then it can be considered ad hominem. Competence stems from skill levels, not arrogance or hubris, which makes such a claim irrelevant. So we are talking about different issues entirely. I did not refer to this Figaro's remarks about technical competence, just his comments about the lead developer at Moodle.
As to your use of the generic "you," perhaps "one" would have been better choice of diction. Language usage is not always obvious in terms of the reception of meaning and has many ambiguities, as you very well know in your line of work.
I'm not here to promote Moodle as a fanboy, and have no issues with criticisms or concerns over its use. My original post was to see if anyone would be willing to meet with some former colleagues to discuss issues involved in a possible switch to Moodle. In the end, I frankly don't care which CMS they choose as long as it's the best choice for them. I know nothing of deleted posts or other issues happening on the forums here (that you refer to above). It's fine if others wish to discuss matters elsewhere. But from reading the thread on Moodle salting today, it seems that the other side of the story has some issues to consider as well. Taking up their cause, in part, out of sympathy does not necessarily make a position correct. I also do not appreciate your final remark.
As to ad hominem arguments, unless the "closed, arrogant, intolerant, atmosphere that has been cultivated on moodle.org by the Moodle lead developer" is related to competence, which I do not personally believe it is, then it can be considered ad hominem. Competence stems from skill levels, not arrogance or hubris, which makes such a claim irrelevant. So we are talking about different issues entirely. I did not refer to this Figaro's remarks about technical competence, just his comments about the lead developer at Moodle.
As to your use of the generic "you," perhaps "one" would have been better choice of diction. Language usage is not always obvious in terms of the reception of meaning and has many ambiguities, as you very well know in your line of work.
I'm not here to promote Moodle as a fanboy, and have no issues with criticisms or concerns over its use. My original post was to see if anyone would be willing to meet with some former colleagues to discuss issues involved in a possible switch to Moodle. In the end, I frankly don't care which CMS they choose as long as it's the best choice for them. I know nothing of deleted posts or other issues happening on the forums here (that you refer to above). It's fine if others wish to discuss matters elsewhere. But from reading the thread on Moodle salting today, it seems that the other side of the story has some issues to consider as well. Taking up their cause, in part, out of sympathy does not necessarily make a position correct. I also do not appreciate your final remark.
Steve,
I was actually referencing comments made earlier in which Figaro challenged the competence of certain MPs, comments that are at the source of the ongoing friction. In the text you quote, the adjectives relate to the atmosphere, not the person allegedly cultivating same and the underlying issue has always been hubris and arrogance (though there may be some disagreement on whose....) In other words, Figaro's position is that a discussion of competence has been barred, and that the atmosphere (described) in the current forums (the ambit of certain persons) has obstructed such discussion. Not to put too fine a point upon it, but making statements unappreciated by the object of the statements does not an ad hominem make. Now, if Figaro were to suggest that the lead developer engaged in spousal abuse in order to argue that the developer was a lousy moderator, that would be an ad hominem argument (whether or not it was true), but as long as the matters raised are indeed pertinent to the argument, as unsavory as the allegations might be they are by definition not ad hominem.
I had considered the alternate usage, but thought better of it as "you" is less impersonal, is historically the second person plural pronoun. and would be understood by you to be generic, after all, ye shall know the truth and it shall set you free (and we really don;t do "ye" anymore, though it is a nifty bit of pronoun.) I believe E.B. White has an oft-quoted quip about surrendering to such usage, but the point here is that you arguably took exception to something for no apparent purpose other than to demonstrate your ability so to do.
Lots o folk don't appreciate lots o stuff. I don't appreciate people taking pot shots at other people without really knowing much about what they are talking about. You engaged in ad hominem, and as it appears acceptable here to delete some posts but not others, I took exception. It would seem that we are both offended and likely clever enough to put that behind us; no harm, no foul. I am certainly not interested in gratuitously insulting anyone unless both parties are too inebriated to give a damn. Or we can continue to amuse and irritate other subscribers.....
I was actually referencing comments made earlier in which Figaro challenged the competence of certain MPs, comments that are at the source of the ongoing friction. In the text you quote, the adjectives relate to the atmosphere, not the person allegedly cultivating same and the underlying issue has always been hubris and arrogance (though there may be some disagreement on whose....) In other words, Figaro's position is that a discussion of competence has been barred, and that the atmosphere (described) in the current forums (the ambit of certain persons) has obstructed such discussion. Not to put too fine a point upon it, but making statements unappreciated by the object of the statements does not an ad hominem make. Now, if Figaro were to suggest that the lead developer engaged in spousal abuse in order to argue that the developer was a lousy moderator, that would be an ad hominem argument (whether or not it was true), but as long as the matters raised are indeed pertinent to the argument, as unsavory as the allegations might be they are by definition not ad hominem.
I had considered the alternate usage, but thought better of it as "you" is less impersonal, is historically the second person plural pronoun. and would be understood by you to be generic, after all, ye shall know the truth and it shall set you free (and we really don;t do "ye" anymore, though it is a nifty bit of pronoun.) I believe E.B. White has an oft-quoted quip about surrendering to such usage, but the point here is that you arguably took exception to something for no apparent purpose other than to demonstrate your ability so to do.
Lots o folk don't appreciate lots o stuff. I don't appreciate people taking pot shots at other people without really knowing much about what they are talking about. You engaged in ad hominem, and as it appears acceptable here to delete some posts but not others, I took exception. It would seem that we are both offended and likely clever enough to put that behind us; no harm, no foul. I am certainly not interested in gratuitously insulting anyone unless both parties are too inebriated to give a damn. Or we can continue to amuse and irritate other subscribers.....
Marc,
I certainly agree that gratuitous insults are not called for unless serious imbibing is involved. Forum discussions not infrequently end up in misunderstandings because of the nature of the medium, since comments are easily taken out of context, and owing to participants being more interested in winning an argument than in reaching an understanding of the issue at hand. I do not agree with all of what you say above but to continue the discussion serves no further purpose related to the original issue.
If you or anyone else can shed more light on this vulnerability, I would be most grateful. It seems to me that it only works if teachers are allowed to add users to courses from the entire database. The Moodle sites I have worked with do not allow this. Figaro claims the "NO reputable system should allow a user to download the entire user database table." I have no disagreement with such a claim. But again, from my own experience I don't see how "any teacher on any Moodle site in the world could download the entire user database table." If I am missing something, then please explain to me. Otherwise, such claims are exaggerated and misleading.
I certainly agree that gratuitous insults are not called for unless serious imbibing is involved. Forum discussions not infrequently end up in misunderstandings because of the nature of the medium, since comments are easily taken out of context, and owing to participants being more interested in winning an argument than in reaching an understanding of the issue at hand. I do not agree with all of what you say above but to continue the discussion serves no further purpose related to the original issue.
If you or anyone else can shed more light on this vulnerability, I would be most grateful. It seems to me that it only works if teachers are allowed to add users to courses from the entire database. The Moodle sites I have worked with do not allow this. Figaro claims the "NO reputable system should allow a user to download the entire user database table." I have no disagreement with such a claim. But again, from my own experience I don't see how "any teacher on any Moodle site in the world could download the entire user database table." If I am missing something, then please explain to me. Otherwise, such claims are exaggerated and misleading.
Up until the latest updates any teacher could do a course backup and include ALL user data. Yes, all user data from the entire site. The backup would contain all user data including password hashes, which could be fed to a rainbow "cracker". What you likely find incomprehensible is that a teacher had that much authority, but let me assure you that was the case (I replicated the procedure and results on two production moodles.) The upshot is that moodle was updated to remove much of that authority from the teacher role (so teachers can't backup user data with course backups.) Now to be fair there will always be a weak link and as was argued if you can't trust teachers, who can you trust. But teachers were largely unaware of the potentials involved and I hazard to see many teachers provided their usernames and passwords to their TAs even if the TA was a HS junior.... And that was simply unacceptable.
At the time a detailed "how to" was published on the web so as to provide those doubting the exploit with specifics , which caused a bit of an uproar here, but the fact that this could be done was really not news to developers ( hence the poo-pooing by some devs.) if you have not updated to the latest greatest in your own moodle you can see for yourself - I am sure I can find someone to help ;)
Of course, the poo-pooing was simply another in a progression of same, hence the frustration of those trying to point out such issues. The more dismIssive the inner cadre, the more strident to the protestations. And since virtually everything argued was true, the perceived suppression of the discussion simply served to aggravate matters.
And, statements setting forth such matters continue to be deleted. In fact I am amazed that this entire thread is still hear as less pointed posts were deleted just days ago. The claim is that pointing out such matters is "flame bait". So one could say that moodle was totally secure, but if someone were to say, "Hang on, did you see this?", that response would be (and has been) deleted.
I am hopeful that this thread may prove a turning point, but I am forever hopeful, and more often than not disappointed.
At the time a detailed "how to" was published on the web so as to provide those doubting the exploit with specifics , which caused a bit of an uproar here, but the fact that this could be done was really not news to developers ( hence the poo-pooing by some devs.) if you have not updated to the latest greatest in your own moodle you can see for yourself - I am sure I can find someone to help ;)
Of course, the poo-pooing was simply another in a progression of same, hence the frustration of those trying to point out such issues. The more dismIssive the inner cadre, the more strident to the protestations. And since virtually everything argued was true, the perceived suppression of the discussion simply served to aggravate matters.
And, statements setting forth such matters continue to be deleted. In fact I am amazed that this entire thread is still hear as less pointed posts were deleted just days ago. The claim is that pointing out such matters is "flame bait". So one could say that moodle was totally secure, but if someone were to say, "Hang on, did you see this?", that response would be (and has been) deleted.
I am hopeful that this thread may prove a turning point, but I am forever hopeful, and more often than not disappointed.
Thanks for the information. It is impossible for me to comment on any deletion of posts since I recently returned here from a long hiatus. Once institutions where I worked took care of administering the school's CMS (both Blackboard and Moodle), there was no reason to visit the forums.
Since the latest updates solve the vulnerability issue, then the posting of the youtube video, clearly coming after the fix, is irrelevant to Moodle's current level of security, and therefore not directly germane to consideration of making a switch to Moodle based on security concerns alone. But, of course, the post was really a warning, perhaps from "he-who-shall-not-be-named-and-who-unfortunately-shares-the-same-given-name-as-me." Any such warnings should be taken very seriously and not censored.
Yet in going through the security forum this evening, it also seems that this fellow is motivated by more than simply wishing to altruistically alert people to potential security issues in Moodle. Such motivations are what I reacted to initially, though my cavalier attitude may have suggested that I was unconcerned about security issues or vulnerabilities. I also could not help but chuckle at the irony of his youtube video lamenting censorship on Moodle that had the comments feature disabled. And although he certainly provides a valuable service in discovering serious vulnerabilities in Moodle, his manner of presentation is highly problematic. Yes, it's the messenger/message issue again. But if the messenger is distorting or misleading others to convey other messages not relevant to the issue at hand, then I tend to be more dismissive.
Since the latest updates solve the vulnerability issue, then the posting of the youtube video, clearly coming after the fix, is irrelevant to Moodle's current level of security, and therefore not directly germane to consideration of making a switch to Moodle based on security concerns alone. But, of course, the post was really a warning, perhaps from "he-who-shall-not-be-named-and-who-unfortunately-shares-the-same-given-name-as-me." Any such warnings should be taken very seriously and not censored.
Yet in going through the security forum this evening, it also seems that this fellow is motivated by more than simply wishing to altruistically alert people to potential security issues in Moodle. Such motivations are what I reacted to initially, though my cavalier attitude may have suggested that I was unconcerned about security issues or vulnerabilities. I also could not help but chuckle at the irony of his youtube video lamenting censorship on Moodle that had the comments feature disabled. And although he certainly provides a valuable service in discovering serious vulnerabilities in Moodle, his manner of presentation is highly problematic. Yes, it's the messenger/message issue again. But if the messenger is distorting or misleading others to convey other messages not relevant to the issue at hand, then I tend to be more dismissive.
"Thanks for the information. It is impossible for me to comment on any deletion of posts since I recently returned here from a long hiatus."
Take the time to do just a little homework...it's not that difficult.
http://moodle.org/mod/forum/discuss.php?d=141979
"Since the latest updates solve the vulnerability issue, then the posting of the youtube video, clearly coming after the fix,"
Again, just some very basic research would keep you from making these completely uninformed statement. Of course, if you want to continue with the "_____ acted stupidly" line without knowing anything of which you speak, then please continue...it is rather entertaining
Take the time to do just a little homework...it's not that difficult.
http://moodle.org/mod/forum/discuss.php?d=141979
"Since the latest updates solve the vulnerability issue, then the posting of the youtube video, clearly coming after the fix,"
Again, just some very basic research would keep you from making these completely uninformed statement. Of course, if you want to continue with the "_____ acted stupidly" line without knowing anything of which you speak, then please continue...it is rather entertaining
Yes, it is entertaining, I agree with you. You must be the same guy who sent me that secret email message, too. That was amusing as well. It's not so much your message but how you go about conveying it.
According to others, the vulnerability has been fixed.
According to others, the vulnerability has been fixed.
I have yet to see any distortion from "Figaro" which is one reason I become exercised at his treatment here. He can certainly be abrasive, but then what of it...
On the otherhand, I think there are quite a few here who would rather that systemic problems with Moodle not be addressed, and I find that troubling indeed.
Issues have been resolved because of Figaro's efforts, but the underlying point from his perspective I think is that bit for his continued "attacks" no action would have been taken and I think Moodle.com's response the the profile spam situation proves that point. As I mentioned, the hash issue was a known feature, and not considered a security issue until figaro actually posted the how to, though the subject was discussed in forum for some time before publication.
Of course, as I think you understand, claims that moodle is secure and easy to use should be tempered with knowledge of the historic accuracy of such claims. And this is the current problem: should people be barred from warning others about the dangers of believing what they are told.
It appears moodle.com's answer to the previous question is "No!", apparently because such postings are "flame bait".... But the evidence argues to contrary. Figaro remind us that pride goeth before a fall. Perhaps he rubs a few faces in it in so doing, but nothing I would not gladly hazard in return for his vigilance ;)
I come from generations of "stiff necked" people, and I have always felt that such persons are the barometer of society. The implications here are that this "community" is an element of a corporate infrastructure which has the right to limit discussion any way it sees fit. The plivatioms for the health of the community are palpable.
Who knows? Maybe Figaro has gone to the dark side, but what diff? Shaitan was rendered evil through the fears of the intolerant only because he posed the question...
On the otherhand, I think there are quite a few here who would rather that systemic problems with Moodle not be addressed, and I find that troubling indeed.
Issues have been resolved because of Figaro's efforts, but the underlying point from his perspective I think is that bit for his continued "attacks" no action would have been taken and I think Moodle.com's response the the profile spam situation proves that point. As I mentioned, the hash issue was a known feature, and not considered a security issue until figaro actually posted the how to, though the subject was discussed in forum for some time before publication.
Of course, as I think you understand, claims that moodle is secure and easy to use should be tempered with knowledge of the historic accuracy of such claims. And this is the current problem: should people be barred from warning others about the dangers of believing what they are told.
It appears moodle.com's answer to the previous question is "No!", apparently because such postings are "flame bait".... But the evidence argues to contrary. Figaro remind us that pride goeth before a fall. Perhaps he rubs a few faces in it in so doing, but nothing I would not gladly hazard in return for his vigilance ;)
I come from generations of "stiff necked" people, and I have always felt that such persons are the barometer of society. The implications here are that this "community" is an element of a corporate infrastructure which has the right to limit discussion any way it sees fit. The plivatioms for the health of the community are palpable.
Who knows? Maybe Figaro has gone to the dark side, but what diff? Shaitan was rendered evil through the fears of the intolerant only because he posed the question...
Marc,
I agree with what you say above. You've made your point quite eloquently. From your other posts I see you have a keen interest in, how shall I put it, the "nature of man" and the constructs of society or ideas. Most stimulating. So I can understand your position better.
I believe strongly in the free exchange of ideas. So it would bother me if moderators here were censoring or removing posts potentially inimical to their own interests and at the expense their users or users' security. But simply being on the other side, as it were, does not leave party B immune from the same critical remarks they may direct at party A. My question about the posting of the video on this thread, however well intentioned the clip was, after the vulnerability was fixed, as you noted it has been, to me was misleading, just as promotional claims and advertisements can be. If the point was to suggest that Moodle (or MP) may be acting in a manner not fair or honest to its users, that point could have and should have been made in a different manner, if only for the sake of clarity. To introduce moral issues and judgments, though always interesting for discussion, was not my intent here.
I agree with what you say above. You've made your point quite eloquently. From your other posts I see you have a keen interest in, how shall I put it, the "nature of man" and the constructs of society or ideas. Most stimulating. So I can understand your position better.
I believe strongly in the free exchange of ideas. So it would bother me if moderators here were censoring or removing posts potentially inimical to their own interests and at the expense their users or users' security. But simply being on the other side, as it were, does not leave party B immune from the same critical remarks they may direct at party A. My question about the posting of the video on this thread, however well intentioned the clip was, after the vulnerability was fixed, as you noted it has been, to me was misleading, just as promotional claims and advertisements can be. If the point was to suggest that Moodle (or MP) may be acting in a manner not fair or honest to its users, that point could have and should have been made in a different manner, if only for the sake of clarity. To introduce moral issues and judgments, though always interesting for discussion, was not my intent here.
Yes, there are always shoulda, coulda wouldas, and if I ruled the world it would be a much better place.... but alas I have little control of anything (my wife's pets daily demonstrating that I am well trained). My sense is that posts become sharper, perhaps shriller, in a kind of feedback loop, and that if folk focus on substance matters do not escalate so dramatically. By way of example, if I respond to someone who posts, "it is a great idea to do x, y and z because they guarantee q results" with the comment, "it ain't necessarily so, see the following by way of illustration", the illustration is probative if it suggests that x, y and z might not produce q, even where one could argue that the particular exemplar was not longer an issue, in that it demonstrates the gap in question. Yes, perhaps such a responder would be better served by offering a range of caveats, waivers and disclosures, but if his post will be deleted with minutes anyway, to what end that additional effort, and does he not have some expectation that the reader has some independent duty of self edification (I take it the basis for Mr. Jones little jab at you.....)
Eloquence is more often than not inadequate to the purpose at hand (and that I suppose is not always a bad thing....) but had the initial response to a posting such s we are discussing simply indicated, "vulnerability eventually addressed in version x.x; see URL for discussion." that is really the end of it. But where the moderator then deletes the post the moderator invites not only reposting, but queries from those on the sidelines (mine own have not been answered by the forum moderator here.) And then the gloves come off and people start getting angry and dramatic.
The surest way to evidence that you have nothing to hide is not to hide anything, as opposed to slicing and dicing words like Thucydides's Athenian's. “Justice will not come to Athens until those who are not injured are as indignant as those who are injured” Perhaps blatantly out of context, but apt?
Eloquence is more often than not inadequate to the purpose at hand (and that I suppose is not always a bad thing....) but had the initial response to a posting such s we are discussing simply indicated, "vulnerability eventually addressed in version x.x; see URL for discussion." that is really the end of it. But where the moderator then deletes the post the moderator invites not only reposting, but queries from those on the sidelines (mine own have not been answered by the forum moderator here.) And then the gloves come off and people start getting angry and dramatic.
The surest way to evidence that you have nothing to hide is not to hide anything, as opposed to slicing and dicing words like Thucydides's Athenian's. “Justice will not come to Athens until those who are not injured are as indignant as those who are injured” Perhaps blatantly out of context, but apt?
Thank you for the stimulating discussion. A mea culpa for not fulfilling my independent duty of self-edification. I concur with the first line (a wonderful chiasmus) of your final paragraph, which again explains why I initially found the video post and mystery email received outside this forum dubious. So, very apt indeed from my perspective, and applicable to all parties involved. Dereliction of above duty aside, however, it seems a grossly unfair burden to expect one, who is a recent returnee, to know of any expunged posts which would then later justify not posting any such caveats, waivers, or disclosures because of they may or may not be deleted immediately.
In any case, I suggest that we stick to matters of substance and end our little debate. (If I ever need counsel and you are available and willing to travel to the lower 48, I would certainly consider you). If you care to share your experience with Moodle, I would be interested in learning more. If not, that is of course fine too. But I really do not care to continue discussing matters not related to the topic at hand.
In any case, I suggest that we stick to matters of substance and end our little debate. (If I ever need counsel and you are available and willing to travel to the lower 48, I would certainly consider you). If you care to share your experience with Moodle, I would be interested in learning more. If not, that is of course fine too. But I really do not care to continue discussing matters not related to the topic at hand.
Oh, "Jim." It's you. Again. I was pretty sure your comment was a troll. Now I know. You should have listed yourself as "Guiana."
Steven, just to add that we have students in the thousands, and we do not have anyone in IT working full time on Moodle's technology. We have a Moodle go-to-guy, but he isn't busy fixing problems.
Steven, just to add that we have students in the thousands, and we do not have anyone in IT working full time on Moodle's technology. We have a Moodle go-to-guy, but he isn't busy fixing problems.
In reply to ben reynolds
Re: Anyone in Philadelphia area wishing to do consultation?
by Steven Day -
Guess we're all drinking the cool aid.
In reply to Steven Day
Re: Anyone in Philadelphia area wishing to do consultation?
by ben reynolds -
Correction, Steven. You mean NOT drinking the Kool Aid.
I've been involved in this same situation twice, & I'm now joining the Foreign Legion to avoid it again.
Astute of you to catch the malarkey so quickly. Means you must have some flame scars under your superhero costume
I've been involved in this same situation twice, & I'm now joining the Foreign Legion to avoid it again.
Astute of you to catch the malarkey so quickly. Means you must have some flame scars under your superhero costume
In reply to ben reynolds
Re: Anyone in Philadelphia area wishing to do consultation?
by Steven Day -
Not drinking Jim's Kool Aid, no. The remark quoted from the website implied that Moodlers are drinking it. So I made a sarcastic quip.
Yes, a few flame scars but you won't find me in a superhero costume.
Yes, a few flame scars but you won't find me in a superhero costume.
Hi Steve,
If your main reason for switching learning management systems is to save money for administration, you are going to be in for a surprise. Moodle is an open-source application. Yes, it is free, but it comes with a cost. In the words of my colleague Kevin Kelley, Moodle is free... as in free puppy, not free beer.
A better solution for your site is to take a much bigger view of learning management systems in relation to what, as a school or district, outcomes you want to accomplish. In addition, the conversation must include a team that goes beyond just the IT folks.
If you are interested in a consultation that includes a learning management process in addition to a strategic planning one, I would be happy to talk with you and your team.
Corey
If your main reason for switching learning management systems is to save money for administration, you are going to be in for a surprise. Moodle is an open-source application. Yes, it is free, but it comes with a cost. In the words of my colleague Kevin Kelley, Moodle is free... as in free puppy, not free beer.
A better solution for your site is to take a much bigger view of learning management systems in relation to what, as a school or district, outcomes you want to accomplish. In addition, the conversation must include a team that goes beyond just the IT folks.
If you are interested in a consultation that includes a learning management process in addition to a strategic planning one, I would be happy to talk with you and your team.
Corey
Thanks, Corey. I'm no longer at the institution considering the change. I think they're taking the approach you suggest above, and they are certainly concerned about faculty members who will have to learn a new CMS system.
If you're near Philly and can meet with them, I can put you in touch.
Best,
Steven
PS Free beer reminds me of Homer Simpson's brilliant labor negotiations.
If you're near Philly and can meet with them, I can put you in touch.
Best,
Steven
PS Free beer reminds me of Homer Simpson's brilliant labor negotiations.
In reply to Steven Day
Re: Anyone in Philadelphia area wishing to do consultation?
by Bruce Conway -
I think the work has already been done for you. I was going to suggest at least making a side-by-side spreadsheet comparison of features, rating/weighting each one and compare the total scores. The list should include features that YOU want. You have to know what you want. An example would be a technical writer who wants to evaluate Word versus Adobe InDesign for desktop publishing. They might have a wish list that includes:
running headers and footers
indexing
table of contents
styles (ease of modifying and using)
compatibility with other graphics programs
multi-sourcing (pdf, html, rtf, etc.)
cost
ease of use
tech support
general bias among tech writers
industry ratings
cross-platform compatibility
market share/takeup in the community
(They know what they want/need, and it ISN'T Word!, or Framemaker for that matter).
http://mfeldstein.com/bad-news-for-blackboard-good-news-for-moodle/
The American Association of Community College’s Instructional Technology Council (ITC) has just published its 2007 Distance Education Survey Results, covering data from 154 U.S. community colleges. And there’s a lot of interesting stuff in it. Here are the headlines that I drew from it:
Distance education continues to grow at a very healthy clip, particularly in this market segment.
Blackboard is losing market share rapidly
Moodle doubled it’s market share in the past 12 months and now has the highest market share after Blackboard/WebCT in this market segment.
ANGEL and D2L also grew their market share.
We have reason to expect more LMS churn in the near future, which is bad for Blackboard.
Blackboard lost 7% market share in this segment over the past year. Even worse for them, it looks like this trend is accelerating. Note that EDUCAUSE reported in 2005 (with a somewhat different survey population) that only 13% of surveyed institutions were considering changing their LMS in the next 3 years. If the two survey populations are behaving similarly, then the number of institutions that are shopping around has more than doubled since then. Under these circumstances, Blackboard could easily lose 20% market share over the next 3 years.
-----
The degree to which this will impact their bottom line and stock price are complex questions. First of all, a lot will depend on how many Blackboard Enterprise customers they lose. Keep in mind that Blackboard has already lost close to a third of their “Basic” license customers in 2006 and 2007 (where the “Basic” category also includes WebCT Vista and CE) and they still performed pretty close to their guidance to Wall Street during that time.
Bruce Conway
Technical Writer and VLE Analyst
Victoria, BC
bvconway@shaw.ca
running headers and footers
indexing
table of contents
styles (ease of modifying and using)
compatibility with other graphics programs
multi-sourcing (pdf, html, rtf, etc.)
cost
ease of use
tech support
general bias among tech writers
industry ratings
cross-platform compatibility
market share/takeup in the community
(They know what they want/need, and it ISN'T Word!, or Framemaker for that matter).
http://mfeldstein.com/bad-news-for-blackboard-good-news-for-moodle/
The American Association of Community College’s Instructional Technology Council (ITC) has just published its 2007 Distance Education Survey Results, covering data from 154 U.S. community colleges. And there’s a lot of interesting stuff in it. Here are the headlines that I drew from it:
Distance education continues to grow at a very healthy clip, particularly in this market segment.
Blackboard is losing market share rapidly
Moodle doubled it’s market share in the past 12 months and now has the highest market share after Blackboard/WebCT in this market segment.
ANGEL and D2L also grew their market share.
We have reason to expect more LMS churn in the near future, which is bad for Blackboard.
Blackboard lost 7% market share in this segment over the past year. Even worse for them, it looks like this trend is accelerating. Note that EDUCAUSE reported in 2005 (with a somewhat different survey population) that only 13% of surveyed institutions were considering changing their LMS in the next 3 years. If the two survey populations are behaving similarly, then the number of institutions that are shopping around has more than doubled since then. Under these circumstances, Blackboard could easily lose 20% market share over the next 3 years.
-----
The degree to which this will impact their bottom line and stock price are complex questions. First of all, a lot will depend on how many Blackboard Enterprise customers they lose. Keep in mind that Blackboard has already lost close to a third of their “Basic” license customers in 2006 and 2007 (where the “Basic” category also includes WebCT Vista and CE) and they still performed pretty close to their guidance to Wall Street during that time.
Bruce Conway
Technical Writer and VLE Analyst
Victoria, BC
bvconway@shaw.ca
In reply to Bruce Conway
Re: Anyone in Philadelphia area wishing to do consultation?
by Steven Day -
Thanks for your reply, Bruce. I shall pass along your information.
In reply to Steven Day
Re: Anyone in Philadelphia area wishing to do consultation?
by E. L. Cooper -
If you have 'til the snow thaws (Mayish) I am sure I could make the drive into a day trip but at the moment I am trying to stay close to home.
In reply to E. L. Cooper
Re: Anyone in Philadelphia area wishing to do consultation?
by Steven Day -
Thanks. I am not certain of their timeline but will check and see if late-spring would work for them. My sense is, however, that May might be too late.
This guy with the handle 'Figaro" is nuts.
He never reveals his identity or his credentials. His educhalk blog site says he is a Wordpress consultant. On another site his profile says he is a University professor. I tried to comment on his blog site and of course my comment would not post since he has to approve it.
Interestingly Blackboard seems to like his blog and uses his blog as a last ditch effort to turn people away from Moodle.
If teachers are given the right to backup data but no right to backup userdata, then the xml file has no user password info. Salting of course is another way.
Perhaps one day Figaro/aka Steve will reveal why he hates Moodle in such a negative way? He is a proponent now for Canvas and Instructure.
He does not seeem to be a type to have written a single line of code nor does he seem to have spent any time in the classroom teaching!