Flickr Search

Flickr has millions of photos. (Maybe billions.) Many of these photos are tagged. One can look at all the photos with a tag. Every tag has a built in RSS feed. However, to view a combination of tags, one needs to search for the two tags.

Something I would like to see is an RSS feed for Flickr searches. Having to choose between duplication making see the same picture more than once or missing photos because users are… inconsistent.

This is easier than me moving some place else.
🙂

LMS Security

This morning there was a flurry of effort to locate an article called “Hacking WebCT.” My coworker was able to locate it. We were disappointed. 

The main points of the article were:

  1. Lazy administrators make compromising user accounts easy.
  2. Lazy instructors make getting questions for assessments easy.

These apply to any LMS. So, here is some advice to counter the issues raised in this article.

 

Accounts

Default passwords are the bane of any system. Make users change them. (Yes, this increases support tickets.) This usually comes about because the administrators did not integrate the LMS authentication with LDAP, Kerberos, or CAS  which allows for central management of accounts. Central management of accounts means fewer accounts are likely to sit around with easily guessed intially imposed credentials. 

Linking many services together also raises the exposure should one account account me compromised. Enforce decently strong passwords. Too strong and frequently changed password will encourage users to employ means of remembering passwords which defeat the point. Passwords probably should not ever be just birthdays.

Not sure what advice to provide about the potential of a student installing a keylogger on a computer in a classroom?

 

Assessment Cheating

A long availability period (like a week) provides opportunities for enterprising students to exploit the issues with passwords to see and research questions in advance. Instead, a quiz with a short availability period like an hour means less time to go look at the other account, record the questions, research them, then go back into the proper account and take the assessment.

Instructors should use custome questions. Students can obtain questionss provided by publishers in ePacks or with textbooks from previous students, the same textbooks the instructor received, or even web sites online which sell the information. 

High stakes testing ensures students are looking to cheat. When the value of questions is high, these easier methods than knowing the material ensures a war between students and instructors over cheating. Of course, lowering the value of the questions increases the workload of the instructor. 
🙁

Mail From Address

It appears CE/Vista has several locations for defining the email addresses it uses for SMTP.

  1. $WEBCTDOMAIN/config/config.xml:
    mail.from=
    From address for messages sent.
  2. $WEBCTDOMAIN/customconfig/startup.properties:
    WEBCT_ADMIN_EMAIL=
    Some internal errors have a mailto: prompt to contact the server administrator.
  3. $WEBCTDOMAIN/serverconfs/log4j.properties:
    log4j.appender.EMail.To=
    Report fatal errors.
  4. $WEBCTDOMAIN/serverconfs/log4jstartup.properties:
    log4j.appender.EMail.To=
    Report fatal errors.
  5. $WEBCTDOMAIN/webctInstalledServer.properties:
    WEBCT_ADMIN_EMAIL=
    Installer picks up this value for populating #2 and possibly #3 and #4.
  6. $WEBCTDOMAIN/webctInstalledServer.properties:
    MAIL_ORIGIN=
    Installer picks up this value for populating #1.

What really disturbs me is the Vista 8 installer created log4j properties files with the  SMTP server set up for miles.webct.com and sending from vista.monitor@webct.com? I cannot seem to find anything in the Vista 8 documentation or wiki or Google index about the “Vista Trap Notification” subject line, from address, or SMTP address which the log4j appender appears to be designed to send.

This Vista Trap Notification appears designed to send an email to the address any time a fatal error is encountered. That’s fine. Just use the smtp host and From address requested in the installer.

Don’t get me started about giving end users a mailto: prompt to report errors.

Bb Suggestions

WebCT used a suggestion form to collect product improvement ideas from the various users (instructors, instructional technologists, administrators, etc.). I’m not sure if the switch to opening enhancement request support tickets under Blackboard was something new to improve the support model overall or just a change for former WebCT customers as support integrated. Interestingly, Blackboard recently returned to the suggestion form.

So… Send in your feature requests. I am too busy working on getting the bugs fixed to work on new features.

How Not To Break a Frame

Correct:

<script language=”Javascript” type=”text/javascript”>
if (top != self)
{
top.location = window.location;
}
</script>

Incorrect:

<script language=”Javascript” type=”text/javascript”>
if (top != self)
{
top.location = “/webct/urw/lc18361011.tp0/logonDisplay.dowebct”;
}
</script>

The problem with incorrect is the address used here is not the address in the location bar.  The one in the location bar has the values required to login. Instead I get something which causes users to be unable to login. Example: So we send someone to http://westga.view.usg.edu. They get redirected to another address in which we provide the glicid, insId, and insName. Correct breaks the frame and gives the browser back the same address. Incorrect breaks the frame and gives the browser back a different, non-functional address. Bad. Bad. Bad.

WebCT Vista 3 used the Correct JavaScript which just passes back the address used. Blackbord Vista 8 for some reason changes what worked to Incorrect.

Yay for first day of classes.
🙁

UPDATE 1:

It gets better… Bb Vista’s Custom Login and Institution List pages are unaffected (aka use the Vista 3 style JS). Only going to the generated logon page, loginDisplay.dowebct, has the issue.

Christmas Blog Post 2008

Last night I read Uncle Bill’s Christmas letter. He mailed it, but he apparently doesn’t have my postal address so I got the electronic version. Woohoo! His letter recaps the year for his family. Do any of you have such a tradition? Or a family member who does? Oddly my blog doesn’t provide much basis as it is devoid of personal information.

So here goes….

Family

Mom went off to Houston in January to consult with one of the best doctors in the country about a health issue. How things fell into place to allow her to get better amazed me daily. I got to grandparent sit for a week where I made Nannie tell stories so I could post them on Youtube. 😀

William married Nicole, his high school sweetheart. I finally have a sister. It rained on us briefly, so if you are into superstitions, that means either: 1) kids, 2) money, or 3) good luck.

I met Dad’s girlfriend, Sally, this year. She is definitely very nice. I’m happy with the match.

Friends

My only New Year’s Resolution for 2008 was to read 25 books this year. I completed that goal back in October. I’m thinking for 2008 to do a similar resolution. This time I’ll count up the number of pages and set a goal to read 20% more pages.

Some fellow Flickr users started an Athens Flickr Meetup. I’m hoping this is something to continue in 2009 as the weather improves. (Though who knew Georgia would be 20 degrees Farenheit above normal in December?)

RingsAdrianne and Britt asked me to be the photographer for their wedding. I spent hours looking at professional photographer portfolios for ideas about what I should capture. You see, while I do have a camera, I had never really taken photos at a wedding. Heck, few people invite me to weddings, so I was a little unclear what happens. In the end, I think it all turned out pretty well. Adrianne is happy. So I am happy. Working in computers became a profession because it was a hobby. Maybe photography will end up the same in the end? Posted 840 photos to Flickr this year. Started freelovephotography.com to show off my photography.

Las Vegas in July? Dumb. Star Trek: The Experience made my geeky heart soar.
NCC-1701-DNCC-1701-D @ ST: TXP

Separate Populations?

What are my neighbors doing? Curiosity about that question resulted in some conflicting data. Ordered by when I added the RSS feed for them.

  1. search.twitter.com for “Athens GA”  – results are full of people talking about Athens, GA not in Athens, GA. Useful for people coming into town for an event.
  2. TweetLocal search for “Athens, GA” (or 30605 get same results) within 20 miles – Over the last 24 hours the RSS feed has given me 12 posts. First 5 users in search before 9pm: JeremyAce4 in Athens, GA, justdandelions in athens, ga, bozaf in Néa Smírni, Europe/Athensaaronbarton in Athens, GAelbee103 in Athens, GA (last @ 7pm). The hit on Europe/Athens is pretty disappointing.
  3. search.twitter.com for “near:AHN within:20mi” (or 30605 or AthensGA get same results) – Over the same 24 hour period, its RSS feed has given me 53 posts. First 5 users in search before 9pm: ThePicManjulieteastonryan_lafountainRyanHaguealester (last @ 7pm)
No overlap. How is that possible when they supposedly are coming from the same population (time, space, and active)? Both services look for their data on Twitter. Both are looking at the self-identified location for Twitter users. Both have the same range. So, why do they have such different results?
Looking specifically for the Tweetlocal users in search.twitter.com reveals them in the results. Searching on a user though doesn’t reveal the location. On the profile is the right location, so they should have been in both results.
Both fail in my opinion.

Access to Multiple Systems

For the term starting Jan 7, we have students who need to be directed to the new Vista system (v8). By standard practice, students also have access to the previous term a few weeks into the new term, let’s say Feb 23. So we’ll need to ensure some access to the old Vista system (v3).

There are multiple ways we can handle this access:

  1. School VIPs – We highly encourage users bookmark, publish links, and access school VIPs instead of the actual address. The idea being these addresses will always go to the right place. Other addresses could change and not work. We even have a v8 version for pre-cutover access and a v3 version for post-cutover access. The problem seems to be some campuses and users continue to use the addesses other than the school VIPs (v8 will only show them the school VIP).
  2. Custom login page – We would place an HTML file on the v3 system explaining general access has moved. Some people would need to get past this page and into the v3 system. The questions here are:
    1. Can we just give the admins the link to bypass the custom login page? They could then manage who has access to the site. They might have to provide this “secret” to thousands of students.
    2. Do we dare publish the link on the page? Something like “To check Fall 2008 grades: click here.”
  3. Deny access – We would deny access to all users except those who hold the Institution Administrator role in v3. The holders of that role would then be responsible to granting access one-by-one to other users who need to access to this old system.
  4. f5 iRule to 302 Redirect – We do host a school who uses autosignon. It is conceivable we could intercept attempts to login and redirect them to the correct host. It would be much better for them just to use the School VIPs solution.

Anyone have a better solution?

Open Source Is Not Broken

Cohen says:

Open-source code is generally great code, not requiring much support. So open-source companies that rely on support and service alone are not long for this world. The traditional open-source business model that relies solely on support and service revenue streams is failing to meet the expectations of investors.

The whole point is to have a model producing great code. As these open source companies try to be everything to everyone, they eventually hit the same issue as proprietary companies: Bloatware. The software starts to suck and the users abandon the ship for another product which seems to do the same job better.

User Interface Resigns

Why did you do it, Flickr? Why?

Originally uploaded by issuez

Changes to the Flickr home page and Facebook’s overall UI were intended to make them more streamlined.

So why is there a vocal rejection of these UI changes? Well, management is focused on attracting new users. In their minds, the people using the system are hooked and going to stay. Word of mouth is how I see these new users getting added. Upset customers don’t recommend a company to their friends.

tag: