CODOPERU: Dokeos 1.8.6 – Creación de contenidos

Hola amigos!

Es un gusto saludarles y a la ves invitarles a la II Reunión de CODOPERU “Comunidad de Dokeos en Perú”, el 7 de marzo del 2009 en Miraflores – Lima.

En la reunión entre otros temas importantes se expondrá sobre la nueva versión de Dokeos 1.8.6 y sobre la creación de contenido en Dokeos donde todos los asistentes pondrán en práctica lo aprendido, creando sus propios contenidos.

Para mayor información sobre el lugar, inscripción e informes, ingresar a la pagina de Dokeos Latinoamérica haciendo clic —> AQUÍ , los esperamos!!

Xorg, Ubuntu 8.10 and the resolution change bug

Most of you playing with a laptop or a PC with a beamer will have noticed that when you change the resolution of your screen, applying the changes suddendly blocks your screen in a high frequency that prevents you from changing back to normal.

Didier Misson (one of my fellow BxLUGers) wrote an article about that desktop resolution bug (in French) and how to fix it changing the /home/[user]/.config/monitors.xml file.

Might help…

Atlantis…?

Let’s talk about non-computer stuff for once…

I don’t know if you read about the Danton (a French military boat sunk during the first world war by a German submarine) discovery last week… Quite interesting.

A friend of mine sent me a link to this article about the possible discovery of the Atlantis today. It’s in French, but the idea is this: there is a strange sign of submarine structure more or less where Plato had determined the Atlantis would have been located before its destruction.

Although apparently scientifics say it is an artefact due to variable sources for the map generation data, I cannot help but wonder… why would that area be specifically be better analysed than others? Apparently, the area is more than 100km on each side…
See it in Google Maps

When it all started…

Did you ever wonder when Dokeos really started to change code on the basis of the Claroline project? Well, Sourceforge’s got an answer for you…

The first commit ever made (by Olivier Brouckaert, like many of the first 2000 commits, I still don’t understand how it is humanly possible) was made on the 23rd of January 2004. So basically, as far as we talk about the code itself, Dokeos is celebrating its 5 years and a month today! Yeah.

http://dokeos.svn.sourceforge.net/viewvc/dokeos?view=rev&revision=1

The funny thing is that, following SourceForge, Claroline is only traceable up to June the 2nd, 2004 which, if we were to believe that bluntly, would post-date the first commit of Dokeos.

Of course, we all know that Dokeos forked from Claroline in 2004 (don’t we? :o)), and we also know that Claroline started in 2001, following this page

So that would mean the Dokeos code is about 8 years old…

If we are to believe Moodle’s CVS, Moodle’s code started in November, of 2001, as well. I honestly thought it was older, but I guess there’s some non-CVS work pre-dating this.

Asesoría de seguridad

Gracias a mi amigo Enrique, hoy me he dado cuenta que tenemos la competencia para ofrecer asesoría de seguridad para scripts en PHP.

Detectamos y analizamos (arreglamos si fuera necesario) los riesgos de

1. Cookies y sesiones
2. Formularios y URLs
3. Bases de datos y SQL
4. Ficheros y comandos
5. Autenticación y autorización
6. Alojamiento compartido
7. Inclusiones

Hay bastante documentación por internet para encontrar detalles de estos temas. Lo que hacemos es ahorrar tiempo por conocer estos problemas muy bien (Dokeos nos da mucha práctica para hacerlo).

Speaking of Dokeos in Japan?

That’s where I think I should have went on taking Japanese classes…

http://japan.cnet.com/blog/geeklog/2009/02/23/entry_27020579/

Giving PHP training as a means of recruitment

It’s been a while since the idea first came to me, but yesterday we managed, with a bunch of acquaintances, to setup the basic structure so, starting 23rd of May, I’ll be giving an 80-hours long specialized PHP course to 10 pre-selected candidates from Perú, in order for them to prepare for the Zend PHP Certification and for me to spot the good ones and give them a job right away.

The training will not be very expensive, but we will put a psychological entry test and will ask for a bunch of important prerequisites.

I’m used to give the training as I just ended up a 3-months training for my employees (most of them are ready to pass the exam in the next 3 weeks).

Securing Web Services – Research

I’ve been looking for a few hours now for a “quick and easy” solution at securing the Dokeos web services, but I have still to go through a whole lot of technical details. Looking for help (at avoiding so much reading work), I have sent an e-mail to the php-general mailing-list, hoping for an answer.

Because this e-mail is the result of considerable search efforts, I’m saving it here. Somehow it might very well help somebody trying to do the same…

From:     Yannick Warnier
To:     PHP General
Subject:     [PHP] Securing web services
Date:     Sun, 22 Feb 2009 13:04:37 -0500

Hi there,

Another Web Service related question. Obviously, Google gives me enough
hints to find *many* documents on the topic (searching for “securing web
services”), but I am developing open-source soft and I’d like to secure
my web services to the maximum without forcing the user to use HTTPS/SSL
(the generation of buying of a certificate is not what our lambda users
can do).

Following the very nice table on page 32 of

Click to access SP800-95.pdf

using a combination of XML Encryption and XML Signature would provide a
cover for almost all security risks related to providing web services.

This article:
http://webservices.xml.com/pub/a/ws/2003/01/15/ends.html
also goes away from the SSL method and *talks* about XML-DSIG and
WS-Security, but that’s out of PHP context.

Finally, the following article talks about NuSOAP and the SetCredentials
method, which is probably the closest I can get to secure web services
using existing PHP code.

Would anybody out here have gotten further and be able to tell me how
they did it?

Thanks,

Yannick

Interesting links on this topic:

http://webservices.xml.com/pub/a/ws/2003/01/15/ends.html

(with links to http://www.w3.org/Signature/ and http://www.w3.org/Encryption/2001/)

http://csrc.nist.gov/publications/nistpubs/800-95/SP800-95.pdf

Security certifications

The pen-test mailing list (see http://www.securityfocus.com) has a short thread going about security certifications, which basically gives two possibilities for security certifications in the case of watching the information security:

http://www.giac.org/certifications/security/gcia.php
http://www.giac.org/certifications/security/gcih.php

That’s a personal bookmark for later.

There’s also an Ubuntu Professional Certification, which I might want to try out in the future. It has LPI101 and LPI102 as basis:

http://www.ubuntu.com/training/certificationcourses

As I always say, equally from benifiting directly from the title, you also help the corresponding product to gain in seriousness at the enterprise level, as enterprises need to be able to evaluate your skills without having to make you pass a full exam first.

And yes, we are thinking about a Dokeos certfication.

Bye bye ns21589

One of our antique servers at OVH, ns21589, is expiring during the next hour. Making a little bit of cleaning, I see that my oldest file on this one is dated May 2005. Quite a long time ago indeed.

ns21589 has served as the main hosting server for Dokeos for almost 4 years.

During these 4 years, OVH has given us an awful experience of what hosting providers can be bad at (unfair judgment, unskilled staff, excessive response time, DNS servers crash, hosting center’s crash) , and we will certainly not go back to hiring servers with them over the coming years, but ns21589 was one of the servers that did work most of the time and allowed us to respect our hosting contract rules.

Now we have moved to another architecture, much more flexible, much faster and much more powerful at CBlue (I hear they have a new website coming soon, the current one is a bit too simple), which allows us to host very complex server configurations.