Jeff Longland

Relax, don't worry – have a home brew!

Posts Tagged ‘devcon11

Blackboard DevCon 2011 – Managing API Evolution for Blackboard Mobile

leave a comment »

  • Slide in deck showing Mobile API dependencies
  • APIs are always backwards compatible or version number can be specified in query string
  • SAX parser shared between Blackberry and Android…  but ancient Blackboard JVM prevents much code sharing beyond that.
  • Mobile Learn uses a lot of private APIs that change frequently, across multiple Learn 9.1 releases
  • Fibbba – Fix It, the Building Block is Broken Again
  • Nighty builds (and continuous integration) have ant tasks that go through Fibbba to ensure compatibility across each version.  Provides reports on missing methods.
  • Fibbba caveats – only compile-time checking, reflection blind spots, not 100% accurate, false negatives for unreachable code, JSP precompilation
  • Great way to check for Building Block version compatibility
  • Ya!  Mobile uses Bamboo for continuous integration.
  • Fibbba info also available on Edugarage
  • Will follow-up with George Kroner to see if Fibbba could be included in the Eclipse plugin demo’d earlier this week.
  • If you’re posting Building Blocks to OSCELOT, definitely run it through Fibbba

Written by jlongland

July 12, 2011 at 11:07 am

Blackboard DevCon 2011 – Blackboard Learn Security Reference Architecture

with 2 comments

  • Slide deck has an interesting slide on threat categories and corresponding controls
  • Recommend SSL system-wide  with 2048-bit key.
  • Secure performance – SSL on the load balancer rather than the server (off-loading to be supported soon)
  • Adopt a single sign-on provider (SSO) to enforce strong passwords, password resets, throttling/locking
  • Session hijacking risk in Content Management – disable usage of persistent cookies (users will have to authenticate multiple times)
  • bb-tasks.xml can be used to tweak session invalidation
  • Look at Session Fingerprinting to prevent session hijacking.
  • Consider whether Guest access is needed.  Four places to toggle:  Gateway Options, Course Tools, Default Course Settings, Default Organization Settings
  • Enable Globsl Cross-site Scripting Filter (on by default at strictest setting).  Also enable for file uploads (bbconfig.fileupload.enable.xss=true)  Article in WikiKB with more info.
  • Evaluate which system and course/organization roles require ability to enter dynamic content.
  • Enable Grade History.  Do not allow instructor to clear the history.
  • Monitor for changes to system configuration – properties files in config folder  and system registry in database table
  • Monitor privileged accounts for access from unexpected IPs / user agents in BBLEARN.sessions table
  • If CVSSv2 score is > 7, Blackboard will usually release a patch (unless it’s something widespread and better handled by a service pack)
  • Contact LearnSecurityCommunity@blackboard.com if you’d like to participate in a security community
  • Real-time anti-virus scanning is on the roadmap.

Written by jlongland

July 12, 2011 at 10:13 am

Blackboard DevCon 2011 – Letting the Lunatics Run the Asylum: Students Developing Building Blocks

leave a comment »

I’ve been thinking a lot about community development lately.  Specifically, having a campus community working on extending the LMS (and other apps).  So I was excited to see that Malcolm Murray has been working with Computer Science students to develop Building Blocks.
  • 3 Computer Science students over 10 weeks
  • No experience with Building Blocks
  • Projects managed in Google Wave – “audit trail” of discussion around whether ideas are feasible
  • Projects: Photo roster, Flash card tool, Twitter, more
  • Functional specs and Balsamiq mock-ups stored in DropBox
  • Initial issues when starting the projects: required iterative/agile development, some ambitious projects, threat of scope creep.
  • Each student had a test server with Blackboard, full sysadmin rights.  Next time, will look at providing a virtualbox VM and database access.
  • Asked students not to run “real” courses or create accounts for friends.
  • No prescribed IDE.  Provided DevCon webinars on how to setup a dev environment.
  • Provided series of demo building blocks: portal module, course tool, custom content type.
  • Regular meetings with students to check-in on progress and manage the projects.
  • Students found OSCELOT to be their most helpful resource – lots of example code to review
  • Student feedback – more documentation!  Why is it such a closed environment?  “Go look at how Moodle does it”
  • Student feedback – “A helluva lot more documentation would be nice”
  • Students were unfamiliar with the instructor side of Learn.  They didn’t get the terminology used.
  • The process helped students develop an understanding of Blackboard and why instructors use it differently
  • Need to have expertise / experience with Building Blocks to provide the students with assistance.
  • Students would do peer review and Malcom followed SVN updates, reviewed the code.

Written by jlongland

July 12, 2011 at 9:20 am

Blackboard DevCon 2011 – Building Tools Using IMS LTI

leave a comment »

  • Chuck was quick to identify Blackboard as a market leader in supporting IMS standards.  This is something that couldn’t be said a few years ago.  Kudos.
  • Highly recommends the talk earlier today by Jim Riecken and Dan Rinzel, “Code Your Own: Tool Integration Using the Basic LTI Standard”.
  • Between CourseSites and Google App Engine, Chuck is excited about the free opportunities for instructors.
  • Roughly 95% of the market has Basic LTI certification.
  • If anyone has security concerns with OAuth, Chuck says “take it up with Google”.
  • Chuck envisions an Educational App Store for LTI tools.  Commercial / branded app store by Blackboard, Pearson, McGraw-Hill?  “Public good” app store like IMS or MERLOT?  Likely multiple stores?
  • Having a standard like LTI might pave the way for a standard way of selling such tools in stores.
  • The session ended with a zany, chaotic demo of Sakai consuming Blackboard Learn as a BLTI provider.  As Chuck put it “A faculty member could add a Basic LTI link to CourseSites…  scary huh?”

Written by jlongland

July 12, 2011 at 12:12 am

Blackboard DevCon 2011 – Integration Between Learn 9, Vista 8, Others, and PeopleSoft

leave a comment »

I always make a point to check out Chris Greenough‘s presentations at BbWorld.  Besides being a fun guy to hang out with, Chris likes to *do* stuff, he’s smart, and his presentations are to-the-point.  In this one, he talks about NAU’s integration setup:

  • Goal was to build something that is loosely coupled to inbound data sources and outbound end points.
  • Started with Java and ServiceMix, quickly ditched that and went with something lighter-weight.
  • Learn 9 web services work to some extent for integration…  but throw errors on updates and categories.  Also a bit slow.
  • Using internally developed Python web service bindings to use Learn’s web services.
  • New LIS interface will hopefully be a better route than the web services.
  • Everything is IMS Enterprise 1.1
  • Slide deck has some good diagrams showing the structure of the inbound / outbound sources.
  • Used for Learn 9, Moodle, iTunesU, etc.
  • Any fields can be overridden in an LMS_OVERRIDE_INFO table w/ TABLE_NAME, TABLE_ID, FIELD, VALUE
  • All overrides are global.  But a later version might be tool-specific.
  • Chris would like to re-do this using Twisted.

Edit – Chris has posted the slide deck.

Written by jlongland

July 11, 2011 at 11:09 pm

Blackboard DevCon 2011 – New SIS Integration Capabilities

with 2 comments

A full room for this session.  And rightfully so.  More rough notes:

  • Data integration pre Learn 9.1.6…  Snapshots.  Command line.  Both for data source management and imports. Uh yeah….  “next generation”.  But, enough negativity.  Things seem to be changing.
  • IMS Enterprise 1.1 and IMS LIS supported by new web endpoint.
  • Data source management can now be done through admin panel.
  • Building Blocks can be written to support additional integration types.
  • Integrations have modes for active, inactive and testing – can see this being handy.
  • Advanced config allows for fine-grained control.  Can control how objects are handled on an integration-by-integration basis.  This seems simple, but I’ve worked on integrations where I was uneasy providing an external system with complete access to the integration API.  Kudos Blackboard, this is a good feature.
  • JavaScript can be used to process / transform data fields?
  • Event log is clear and easy to view. Not sure how it performs with hundreds of thousands of events, but looks good with a handful of events.
  • Wondering about performance generally.  Dan has explained that events are received, queued (I believe with ActiveMQ) and then processed.  So all events should be received, the performance delay will likely be in the processing itself.

Written by jlongland

July 11, 2011 at 7:59 pm

Blackboard DevCon 2011 – Adding LTI Support to Learning Applications

leave a comment »

The capacity planning session wrapped up early, so I wandered around the corner to see what Stephen Vickers is up to.

  • Generic PHP Tool Producer class to support BasicLTI integrations.  Also supports draft full LTI.
  • Two draft implementations for full LTI in the wild : Moodle (via EILE) and Blackboard Learn (news to me? need to follow-up on this)
  • Common integration requirements: single sign-on, automatic provisioning of users/contexts, role-based permissions, synchronizing groups, update gradebook, communications with students
  • Issues surrounding Tool Producer implementations: tool context management, sharing contexts, roster synch, returning grades, messaging subsystem, tracking data, look and feel
  • Stephen: If I was integrating tools, I’d use Basic LTI.
  • Interesting audience question: “When should I use Basic LTI vs Building Blocks?” Stephen’s answer: Really depends on the tool, your environment, and your requirements.
  • Dr. Chuck offered some comments as well.  He sees Building Blocks as deep integrations (largely admin-focused) and LTI as a means of integrating earning tools (e.g. NoteFlight)
  • Learning tools, in the current world, need to have some awareness of the various roles that may be incoming from the different systems offering LTI support

Written by jlongland

July 11, 2011 at 7:06 pm