mnits-devel Mailing List for MnITS Internet Training System
Status: Beta
Brought to you by:
bartholomew
Menu
▾
▴
mnits-devel — Mailing List for MnITS Developers
You can subscribe to this list here.
| 2002 |
Jan
|
Feb
(11) |
Mar
(2) |
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
|---|
|
From: Daniel B. <da...@pl...> - 2002-03-22 19:39:58
|
I'm currently working on some of the Documentation in preparation for the 0.0.5a release of MnITS. What I need to know is this: which parts of the interface need documentation the most? I know the system inside-out, but I have limited time to work on documenting the system, so I need to prioritize and get the most needed and/or critical documentation done first. Thanks! -- Daniel Bartholomew |
|
From: Daniel B. <da...@pl...> - 2002-03-08 22:13:33
|
I've released the fourth alpha of MnITS. This one took awhile, and I wasn't able to finish everything I wanted to for this update, but it is now available. See the ChangeLog for what was changed from MnITS_0.0.3a. I'm going to focus on Documentation for the next release (although there are some improvements/bug-fixes/modifications that I want to make as well). I know how to use the system, but I built it, and from the comments I've been getting on the Message Boards, some good documentation is key. Don't expect MnITS_0.0.5a for at least two weeks (probably a bit longer) because of this. -- Daniel Bartholomew da...@pl... |
|
From: Daniel B. <da...@pl...> - 2002-02-20 22:36:36
|
Hey all, Sorry I haven't posted any status reports on what I've been doing for the past few days. The flu had me under for about a week and when I got back to work I had an urgent project to get out of the way before working on anything else. The good news is that MnAdm_Reports.php is the result of that project. One thing that my employer wanted was to be able to quickly pull a system-wide progress report of all of the students in the system, and that's what this file attempts to do. To celebrate it's arrival I created a new section in the admin interface - "Reports". It's the last item on the list in the "manage MnITS" box. Clicking on it brings up a familiar tabbed interface with two tabs - Progress and Other. Other doesn't do anything, it's just a placeholder for future expansion. The "Progress" tab leads you to the aformentioned Progress report. Oh, you'll need the latest CVS version for all of this to work. I made updates to MnAdm.php in particular, and of course, created the new file MnAdm_Reports.php. In other news, the Register component of the Users section of the admin interface is now working (again, get the latest CVS version). It provides a simple point-and-click interface to Registering Students for Modules, and Authorizing them for specific Lessons. It has already come in very handy for me as a quick way to give students access to things. Enjoy! I've made a few other changes, check the cvs version of the ChangeLog to see what they are. I'm going to finish up a few more things (some outstanding bugs, and some documentation) and then try and release alpha 4 (MnITS_0.0.4a) late this week or early next week for those that do not have access to cvs. As they say, release early, release often! Take care. -- Daniel Bartholomew da...@pl... |
|
From: Glenn W. <wat...@so...> - 2002-02-14 06:03:34
|
I agree there must be a better way than to chmod folders to 777? P.S. Me and the wife are running away for the weekend....until Monday anyway. So if I seem a little quite, it is because I am relaxing in a hotel beside a pool. :-) |
|
From: Daniel B. <da...@pl...> - 2002-02-13 22:53:47
|
On Wednesday 13 February 2002 03:53 pm, Cyt0plas wrote: > Also, for some performance increases: > TRY TO AVOID the " operator. Use ' instead. ' is not parsed, and requires > significantly less CPU time. Only use " if you need to parse it. > > Bad: > $MnHome = "http://www.SomeSchool.edu/MnITS"; // No need to parse it > array_push($ModuleIDArray, '$ModuleID'); // $ModuleID must be parsed > > Good: > $MnHome = 'http://www.SomeSchool.edu/MnITS'; // Less CPU usage! > array_push($ModuleIDArray, "$ModuleID"); // $ModuleID must be parsed Could you go through the code and make these optimizations? Sounds like a good idea, but I know that I won't get to it anytime soon. :) -- Daniel Bartholomew da...@pl... |
|
From: Cyt0plas <cyt...@eb...> - 2002-02-13 22:02:34
|
>You can stuff binary files into MYSQL, using blobs. >but there is an advantage to just having directories set up. It lets >you do bulk things with the files for grading. Pulling them out of >a database for grading would be a pain. > >But an SUID cgi script or an SUID php script might be a way to >automatically stuff assignments into a private and locked directory. Hey all, just took a look at this, going to see what I can do to help out. Security looks like a concern, but that just happens to be my speciality :P Anyhow, php scripts cannot be done setuid, unless you do the cgi version of php (bad), and use suexec for it (hard, really bad). Suexec program/perl script is DEFINATLY the way to go here, but there should be a configuration option to allow for Win32 usage (directly, not through external script). Also, for some performance increases: TRY TO AVOID the " operator. Use ' instead. ' is not parsed, and requires significantly less CPU time. Only use " if you need to parse it. Bad: $MnHome = "http://www.SomeSchool.edu/MnITS"; // No need to parse it array_push($ModuleIDArray, '$ModuleID'); // $ModuleID must be parsed Good: $MnHome = 'http://www.SomeSchool.edu/MnITS'; // Less CPU usage! array_push($ModuleIDArray, "$ModuleID"); // $ModuleID must be parsed My server is running on a pentium 1 200mhz, so I notice such things :P Also, the zend optimizer (free) does a lot better with these. |
|
From: John S. <sec...@pe...> - 2002-02-13 19:20:00
|
Daniel Bartholomew <da...@pl...> writes:
% > Worst case, this is going to run on public servers, which give some pause
% > about design.
% This is a good point. The directory for Assignments needs to be writable by
% the webserver so that it can place uploaded assignments in it. No files are
% writable, just this specific directory. I would prefer a better way of doing
% this, but don't know any other solutions. Is there a way to store binary
% files in a MySQL database? That would probably be the best way. Any ideas of
% how to implement this, or fix it so directory permissions are more acceptable?
% Would making the directory write-only work?
As a basic security model , you want to have the server do some kind of
wrapper, so that the programs are owned by the directory/server owner.
But that implies changes to the server configuration, so probably two models
need to be available.
You can stuff binary files into MYSQL, using blobs.
but there is an advantage to just having directories set up. It lets
you do bulk things with the files for grading. Pulling them out of a database
for grading would be a pain.
But an SUID cgi script or an SUID php script might be a way to automatically
stuff assignments into a private and locked directory.
-----
John Sechrest . Helping people use
CEO PEAK - . computers and the Internet
Public Electronic . more effectively
Access to Knowledge,Inc .
1600 SW Western, Suite 180 . Internet: sec...@pe...
Corvallis Oregon 97333 . (541) 754-7325
. http://www.peak.org/~sechrest
|
|
From: Daniel B. <da...@pl...> - 2002-02-13 19:15:01
|
On Wednesday 13 February 2002 12:12 pm, John Sechrest wrote: > % > I then created the AssignmentUploads directory at the same level of > % > MnITS and chmoded it to 777 and uploaded a test gif successfully. I > % > verified that the upload was physically in the AssignmentUploads > % > directory. > > I would SERIOUSLY suggest that we want to make sure that chmod 777 is > not in the vocabulary of the project. > > Assignments can't afford to be writable by anyone but the core code. > You really don't want other programs to give you access to the > assignments. > > We should assume that in the nominal case, this set of programs will > at least run on a shared server between faculty. And that one faculty > member should not be able to have code that pokes into the code on another > site. > > Worst case, this is going to run on public servers, which give some pause > about design. This is a good point. The directory for Assignments needs to be writable by the webserver so that it can place uploaded assignments in it. No files are writable, just this specific directory. I would prefer a better way of doing this, but don't know any other solutions. Is there a way to store binary files in a MySQL database? That would probably be the best way. Any ideas of how to implement this, or fix it so directory permissions are more acceptable? Would making the directory write-only work? -- Daniel Bartholomew da...@pl... |
|
From: John S. <sec...@pe...> - 2002-02-13 18:15:45
|
Daniel Bartholomew <da...@pl...> writes:
% > I then created the AssignmentUploads directory at the same level of
% > MnITS and chmoded it to 777 and uploaded a test gif successfully. I
% > verified that the upload was physically in the AssignmentUploads
% > directory.
I would SERIOUSLY suggest that we want to make sure that chmod 777 is
not in the vocabulary of the project.
Assignments can't afford to be writable by anyone but the core code.
You really don't want other programs to give you access to the assignments.
We should assume that in the nominal case, this set of programs will
at least run on a shared server between faculty. And that one faculty member
should not be able to have code that pokes into the code on another site.
Worst case, this is going to run on public servers, which give some pause about
design.
-----
John Sechrest . Helping people use
CEO PEAK - . computers and the Internet
Public Electronic . more effectively
Access to Knowledge,Inc .
1600 SW Western, Suite 180 . Internet: sec...@pe...
Corvallis Oregon 97333 . (541) 754-7325
. http://www.peak.org/~sechrest
|
|
From: Daniel B. <da...@pl...> - 2002-02-13 18:14:21
|
On Tuesday 12 February 2002 10:45 pm, you wrote: > Daniel, > > I tested the feedback.php and email.php files dated February 4, 2002 > 7:49:00 PM. > They seemed to send fine from my test installation on Soludev.com. > Thanks. They seemed to work for me as well, but I'm getting complaints of things not working. hmmmm. I'll dig into the code and see if I can't see anything that might be wrong with it. -- Daniel Bartholomew da...@pl... |
|
From: Daniel B. <da...@pl...> - 2002-02-13 18:10:09
|
On Tuesday 12 February 2002 11:44 pm, you wrote: > I hope this is not to much feedback.....included more then I thought. > > Let me start off by saying I have not looked at the code, but I am > looking at the functionality. > > I tried to upload a gif as an assignment on my test installation and > received an error that indicated that the folder did not exist. This > error caught my eye for two reasons. > 1. The error it self pointed to a directory that would exist at the same > level as the root MnITS directory not a subdirectory of MnITS. The > directory name is: AssignmentUploads. > > 2. After the error I pressed the back button and the students display no > longer had the option to upload an assignment. This tells me that the > update to the data base for the users assignment is done prior to > verification that the upload is complete. > > I then created the AssignmentUploads directory at the same level of > MnITS and chmoded it to 777 and uploaded a test gif successfully. I > verified that the upload was physically in the AssignmentUploads > directory. > > I then tried to grade the file from the instructor screen and was > brought to a 404 not found page due to a in correct url. > The url that the link on the Grade Assignment page displayed was > http://www.soludev.com/MnITS/AssignmentUploads/test_1.gif > Instead of the expected > http://www.soludev.com/AssignmentUploads/test_1.gif > > Suggestions: > > 1. Move the database update code after the file upload code. This way if > the upload does not work the database will not be updated. (I think this > would work, if not something else along the same lines would work) Will do. > 2. Correct the upload path to correctly point to the AssignmentUploads > directory as a subdirectory of MnITS. That is strange. It's supposed to be a subdirectory of MnITS (i.e. MnITS/Assignment_Uploads). My test installation is kind of messed up. Thats why the error is happening. I used to have MnITS at the root of the server and then I moved it to a sub-directory. I'll make the changes. > I Tested the following upload types. > .rtf > .doc > .ppt > .gif > > These file types uploaded fine and appeared in the directory. > Good. > Not sure what file types you are having a problem with? The main problem was Assignments not showing up. This would explain it. > I noted some things as I was going through this. > > 1. Files uploads contain the user name an underscore and the assignment > number(I believe that is what the number is for). You've guessed correctly. > 2. I noted also that as an assignment is rejected by the instructor the > feedback for all of the assignments is displayed to the student. Yes. I wanted a student to be able to view all feedback on a particular assignment on one page. > 3. If a students assignment is rejected, and then another assignment is > uploaded of the same doc type. The original is overwritten. That is not good. > Suggestions: > > 1. Is it possible to include a version number in the file name? For > example if the user name was test and the file type uploaded was a doc > file for the first assignment. The produced file upload would be named > "test_1_1.doc" If the assignment was rejected the next upload would be > called "test_1_2.doc". This would then allow a "History" of assignments > that could be included as links on the student assignment feedback form. That is a good idea. I'm thinking along the lines of a timestamp, but even a simple 1,2,3... numbering scheme would work. > 2. The history could also be available for the instructor. That is also a good suggestion. Instructor's would probably like to have a complete history of everything. > 3. Alternative to this would be to delete submitted assignments when > they are rejected. This would keep the upload directories cleaner. Yes, it would. But it would be nice to have a record. > 4. Another alternative could be to have a folder created for each > student under the AssignmentUploads directory. This might easy system > maintenance later on so that if a student completes a course the entire > directory could be deleted. oooo, I like that! There would need to be some way to automatically create directories and otherwise manage them. I'll give it some thought. > Ok.....I have to stop now.....I went on with this, way past what I had > intended to. Thanks! I'm going to tackle this today, as it's been bugging me for a while. I'm going to tackle the bugs first, and then work on some of these suggestions. In relation to the uploading of files, I'm a bit concerned about directory permissions and security holes, but I'm not expert enough to know how to make everything totaly secure. If anyone has any suggestions, let me know. Thanks. -- Daniel Bartholomew da...@pl... |
|
From: Daniel B. <da...@pl...> - 2002-02-12 22:41:45
|
Here is another file I'd like some comment on: MnSt_Assignments.php Currently the file stores uploaded assignments into a directory and the name of the file in the database -or- the assignment itself in the database, depending on the method used. I'm having problems with some of the uploaded files not showing up in the directory. Any suggestions for improving the system, error checking, etc...? Thanks. -- Daniel Bartholomew da...@pl... |
|
From: Daniel B. <da...@pl...> - 2002-02-12 21:55:56
|
I'm having some problems with these files. Anyone want to look at them and see what the matter is with them (if anything)? They're pretty identical as far as what they do. They both bring up a form that students can use to send email to the instructor or the developers (depending on the file used). Look at the CVS version of the file(the MnITS_0.0.3a versions should be the same unless I decide to tinker with them some this evening). The problems are with emails not getting sent properly, etc.... Any improvements would be nice as well. Thanks. -- Daniel Bartholomew da...@pl... |
