Quick Tour of NMC Second Life Campus

A quick tour of the NMC Second Life campus. I walk around the virtual poster session, go for a walk/fly, and take a quick look around. Click the "play " or "download " links to take the tour.

The poster session seems odd at the moment – I'm not sure faithfully reproducing the physical world is the best way to take advantage of the virtual – but it may seem better on July 12 when the presenters will be on hand for discussion.


Second Life NMC Poster Session: A screenshot of the NMC Secondlife poster session.


Second Life NMC Poster Session: A screenshot of the NMC Secondlife poster session.

Expensive Open Source Conference

I had been making a case to attend OSCON2006 this year, the logic being that it's a better fit for what I'm doing now than WWDC is. OSCON is a gathering of open source projects and programmers/developers, with tracks on various cool open source technologies, methodologies, etc… WWDC is a corporate developers conference, aimed specificially at core Apple technologies (with some obvious trickle-over into open source as well).

The sub-thought was that I could save some coin in our budget by going to an open source conference, rather than a high-end corporate one.

Then, I checked out just how much O'Reilly charges for people to attend OSCON. Holy crap. For what you get (number of days, tutorials, etc…) WWDC turns out to be cheaper!

# of days3 (+ 2 days of extra tutorials)5

extra fee

$395 per tutorial, with discounts for multiples

# of sessions210 (15-45 minutes each)175+ (1 hour each)
KeynoteTim O'ReillySteve Jobs
LocationPortlandSan Francisco

$1,245US + Tutorials + Executive Briefing

(25% academic discount)


all events included

I know O'Reilly needs to pay their bills, but it just strikes me as odd that a conference aimed at the Open Source Community would cost so much. They could have followed the model of NorthernVoice et. al., by having partners contribute space/resources, and charge a nominal fee to make sure everyone can attend. Have the event hosted at a university campus, and I'm sure it would cost less to put on – and might offer facilities as good or better than a conference hotel.

There are certainly more expensive conferences (JavaOne2006 would have cost over 2 grand US for the full meal deal, and Microsoft's PDC is around 2 grand as well – TED is over $4KUS). I suppose that once you add on the cost of travel, accomadations, and any non-provided food, the conference really isn't that expensive in comparison, but something just seems wrong about charging over a grand (US) to listen to 45-minute sessions by open source luminaries.

I've been to a fair number of different conferences (but never to OSCON), and WWDC has always been consistently in a league all its own. Other conferences wish they could be run as smoothly, deliver the same tasteful showmanship, be planned as completely, and generate the excitement and buzz in the presenters and attendees. I'm not sure how much of that is a result of the bells and whistles they're able to throw in by charging $1,600 per head, and how much is a direct result of the energy in the community.

As it turns out, I don't think I'll be travelling this summer anyway (don't want to be away from home too much) so the point is basically moot for me, but I'd bet there are a lot of folks that would like to go to OSCON who simply can't afford the entrance fee.

A spammer responds

I was just clearing out the last of the comment spam – I'd let it stew in the database (unpublished) but thought I'd take a quick peek to see if there were any false positives. I thought I'd found one – a comment marked as spam, but with content portraying sympathy with my plight against these spammers – that they must be stopped.


A Spammer Responds (screenshot): This spam roach was trying to get whitelisted by commiserating on the evils of spammers... It didn't work - Akismet sniffed it a mile away.A Spammer Responds (screenshot): This spam roach was trying to get whitelisted by commiserating on the evils of spammers… It didn't work – Akismet sniffed it a mile away.


So, without thinking, I clicked "submit ham" – to tell Akismet that it was a bona fide comment. Then, I checked the URL to see which friendly blogger was commenting.

And got a spam site.

The spammer was trying to get through the filters by reading my recent post and trying to get whitelisted by posting something not spamish at first glance. But, Akismet had stopped him in his tracks – until I clumsily intervened. It's now re-flagged as Spam, and banished to that special inner circle of hell reserved for these roaches.

Where did the Flickr Schwag go?

Last year, Flickr was offering some cool free stuff to help promote the site. There were stickers and buttons showing the Flickr logo and the famous Flickr Dots.

They ran out, promising there would be “… more good stuff” – and now, a year later, there’s still nothing.

I mean, come ON, Flickr. I’d pick up an official Flickr shirt (polo or T), a baseball hat, and some other stuff… Doesn’t have to be free, but where’s the goods?

Antispam Update

The spammers started trailing off not long after I wrote the previous post – before hitting their target of 20,000 spam attempts in 24 hours. They punked out at about 18,000 – then I closed the door with the Bad Behavior module.

It was kind of interesting leaving the spammers swarming around my blog as a honeypot, but the load was just getting annoying. Since enabling Bad Behavior, Akismet has had to deal with less than a dozen spammers getting through in about 24 hours – and I haven’t had to deal with (or even be aware of) any of them. That’s a wee bit of a change…

Bad Behavior makes me a bit nervous though, because it is rather unforgiving by design. If it thinks you’re a spammer, or if your IP has been used by a spammer, you’re locked out. No second chances. That’s good, but it’s also a bit authoritarian. There’s also no admin interface for it, so if I want to unblock someone, I have to dig around in the database to nuke the appropriate records.

I’ll keep an eye on things, but it’s pretty cool knowing that this blog could handle a pretty intense load without breaking a sweat, that spammers will not be getting in, and that it takes basically no effort on my part to maintain things. Very cool.

20,000 spam attempts per day (and counting)

The onslaught just keeps coming. It’s on pace to easily meet 20,000 spam comments in 24 hours. I had a very small handful of false negatives, but they were easily dispatched by clicking a couple of checkboxes on an admin page.

20,000 spam attempts. Peaking at multiple attempts per second, with over 500 spam bots simultaneously spidering/spamming the site. Drupal seems to be holding its own, triggering throttles to shut down higher-load functions so the site remains responsive.

And Akismet is dutifully blocking the roaches from getting through. Their success rate just keeps dropping – down to 0.1% success rate, and even that is only temporary, until I manually remove the small handful that gets by Akismet’s watchful gaze. The spammer’s effective success rate is exactly 0% – not asymptotally approaching 0, but exactly 0. Zero. Absolute Zero. Cold heat death for spam.

I’m pretty sure they’re sticking around here because the bots think they are succeeding – Drupal accepts the comment, so the bots think it worked. What they don’t realize is that the comment is immediately unpublished by the Akismet module – as soon as the Akismet retuns its spam flag.

Thankfully, Dreamhost appears to be handling it like a champ. Not even breaking a sweat. I’m pretty sure that if this blog was still back on GoDaddy’s servers, it would have curled up into the fetal position and mumbled quietly to itself…

Akismet ROCKS!

I'd tried Akismet before, and wound up reverting to Spam Karma 2 – actually, I think SK2 was interfering with Akismet, so that likely wasn't a fair comparison, since both were running at the same time.

But, I've been running the Drupal Akismet module for 10 days now, and it's been performing absolutely perfectly. For example, this blog has been under a sustained spam attack for the last 12 hours or so – over 400 600 spam attempts just last night (200 just while writing this post) – and not a single one of the roaches got through. I just went through the Akismet comment moderation queue to look for false positives, and there wasn't a single one. So it's batting 1000 under a significant spam attack.

Mad kudos to Akismet, and to Markus for porting it to Drupal!

Actually, I'm pretty impressed at how this blog is running under this spam attack – it's still responsive, pages load quickly, and posting new content and comments is still working. Drupal's handling the extra load without breaking a sweat.

I'lll be keeping the Akismet module running on my blog, but will keep playing with the Spam.module update on our campus server due to licensing requirements for Akismet. Our use falls under the "commercial" category, and with the number of Drupal sites we're using, the cost can't be justified (yet – maybe if we get hit by spammers that don't get blocked by spam.module we'll adjust things to find the cash).

Update: Over 2000 attempted spam comments in the last 24 hours, and every single one was stopped by Akismet. Here's a screenshot from the Akismet moderation log – I didn't have to see any of these, and they were coming at me every in bursts of up to 1 spam per second for 24 hours…

Akismet Spam Attack: A screenshot of the Akismet Drupal module moderation log, during a sustained spam attack where Akismet blocked 100% of attempted spams, with no false positives.

Akismet Spam Attack: A screenshot of the Akismet Drupal module moderation log, during a sustained spam attack where Akismet blocked 100% of attempted spams, with no false positives.

Update 2: It's been almost exactly 24 hours since I first wrote this entry. Since then, an additional 2000 comment spam attempts have been successfullly blocked by Akismet. And a whopping 8 spam comments got through to my blog. 8. That's it. Out of over 3000 attempts in a day and a half. That's roughly a 0.267% success rate for the spammers. But, the economics of it make even THAT a worthwhile use of their time.

I debated doing something more proactive to stop the spammers altogether, but then thought that it's probably better for them to leave their bots pointed here, getting no benefit at all, than randomly spraying their spam across the 'net and maybe hitting someone's blog that isn't using an effective spam blocker. The way the Drupal Akismet module works, the spammers think they're getting every comment posted here, but the module immediately unpublishes their spam as soon as Akismet responds. That's a pretty sane way to set up the block – don't tell the spammers that they're wasting their time, just nuke their spam without a whimper…

Upgrading MySQL on MacOSX Server

I just upgraded our TLC development/staging/small-deployment server from MySQL 4.0 to 5.0.22. I'd never upgraded a MySQL server before (always just installed a fresh copy on a new box, or updated along with MacOSX) so I wanted to do some testing before making the plunge on a deployment server. We've got a bunch of databases on that box, running everything from weblogs.ucalgary.ca to some custom apps written here.

I did a quick RTFM , but the MySQL manual recommended not jumping right from 4.0 to 5.0 using the normal upgrade process. It said to go to 4.1 first, then to 5.0. So, I did some more Googling, and realized that a full mysqldump and restore would do the trick, without requiring the milk run through 4.1.

I installed a fresh copy of MySQL 5.0.x on my desktop box, did a full mysqldump from the server using:

mysqldump -u root -p --opt -Q --add-drop-table > mysqldump.sql

That gave me a 400+MB SQL file, handy for a backup, or for migrating between copies of MySQL. I copied the file to my desktop, and ran this:

mysql -u root -p < mysqldump.sql

mysqladmin -u root -p --flush-privileges

And, it Just Worked – so the data should safely migrate this way. I did some testing with apps – Drupal etc… and thinks behaved as expected. It takes longer to dump/restore than just updating the MySQL server, but it's safe. And all database users and privileges were intact, so everything should hook up just fine.

Then, I did the same on the server. I killed MySQL, which was still running version 4.0. I ran the installer (both MySQL 5.0 and the StartupItem) via SSH (sudo installer…) and it took care of setting stuff up. But, the old MySQL didn't shutdown cleanly, so I had to do the unthinkable – reboot the box. I know there's a cleaner, more "official" way to clean stuff up, but the box had been up for a couple months, so a reboot wasn't the end of the world.

When the server came back up, MySQL was running as expected. Then, it was a simple. First, I told my shell to use the new copy of MySQL, then imported the data:

alias mysql=/usr/local/mysql/bin/mysql

alias mysqladmin=/usr/local/mysql/bin/mysqladmin

mysql -u root -p < mysql.sql

mysqladmin -u root -p --flush-privileges

And all of our apps are up and running on a shiny new copy of MySQL. The previous version of MySQL is still on the server (but not running) with all data still safe in its own directory, so if something catastrophic has happened, reverting will be trivial.

Now, to upgrade my copy of Moodle to 1.6, which is what prompted the whole MySQL upgrade process in the first place…

LeMill – Plone-powered Learning Object Repository

Teemu Leinonen posted a link on the IIEP-OER list, referencing the LeMill project he's working on. I just checked it out, and it's pretty cool. This one is based on the Plone content management system / framework, so it's great to see what can be done on top of these maturing platforms.

It's still being developed, but it looks like LeMill is another great option as a CAREO replacement. It's got some things in it that CAREO lacks (collections – an evolution of "subscribed objects", tagging), but doesn't have comments/discussion for each item (yet?). It's multilingual, easy to install, and runs just about anywhere.

Repository really isn't the right term any more. LeMill is (intended to be) more of a community than a repository. That's a much better model – one that seems to be working well on other projects like SocialLearning.ca (and many others – perhaps Merlot is the granddaddy of them all?)

I like the distinction between "pieces" (assets – images, video, etc…) and "materials" (compound products – websites, learning objects, courses…). The resource addition (upload or reference) process was pretty simple – maybe too simple, since there doesn't appear to be a license selector or copyright description available. I had an image uploaded and tagged in about a minute, though.

update: found a page on the LeMill wiki describing mandatory IEEE LOM metadata fields, so perhaps that widget just isn’t exposed for Pieces…

Where LeMill stands apart is the concept of Activities and Tools – perhaps these are just variations on a theme, and might be analogous to the different content types they've got in SocialLearning.ca. The implementation of the different content types lets you do some interesting things to group/sort/categorize/display various items, so that's a handy step in the right direction.

I'm going to have to make some time to play more with LeMill, and to finally get around to mocking up a Drupal port of CAREO.