The development team of Virtual Programming Laboratory (VPL) for Moodle presents the 3.3.1 version of this plugin.

This release includes fixes for VPL 3.3 and support for the Safe Exam Browser.

The Safe Exam Browser (SEB) allows a controlled environment for exams. VPL activities now can require the use of SEB and/or the use of SEB with specific configuration by the "Browser Exam Key". See https://safeexambrowser.org

Has been fixes different bugs in the use of “group work” activities introduced in the V3.3. If you are using V3.3 and “group work” it is recommended to upgrade to V3.3.1.

New or improved features in VPL 3.3

Syntax highlighter

The server based syntax highlighter has been removed, now all syntax highlighting is done in the browser using the Ace editor. This change extends to more than 50 the number of programming languages supported. This improve also will reduce the CPU load on the server. It has been also defined a syntax highlighter for the test cases definition file.

Editor

The editor has been updated using the last Ace code. This update will allow to use basic autocompleting in all languages, snipes in many and syntax checking in a few as PHP, JavaScript and CSS.

• Now it’s possible to select the editor theme in the plugin setting.
• The menu has now a button to unfold and fold less used options.
• Now it is possible to delete multiply files using the new multi-delete button.
• Now you can select the code font size. The size selected will be saved as user preference.
• The activity description is now shown in a “Description” tab. The student can read the activity description while write code in one window.
• The countdown timer can’t be hidden when the time left is less than five minutes.
• The evaluate button now gives information about the number of automatic evaluations done and the grade reduction definition.

Default evaluation program

The default evaluation program has been improved trying to accomplish the common requests of the users of VPL. The new instructions are:

• Fail message. This instruction set the text to show when the case fails. The input and output information is omitted.
• Program to run: This instruction allows to replace, for this case, the student’ program for other one. For example, you can use this instruction to run static/dynamic analysis of the student code.
• Program arguments. This instruction allows to send information to the student program (or “program to run”) as command line arguments. Notice that this instruction can be used with the input instruction.
• Expected exit code. This instruction set the expected exit code of the program case execution. The test case is passed if the exit code match. Notice that the test case can be passed also if an output match.

Reducing grading marks by the number of automatic evaluations

The grade system has been enhanced with a penalization by automatic evaluation requests. A number of free evaluations can be also configured. Once the student uses the free evaluations the grade system will start to reduce its current mark. The reduction value can be fixed number or a percent. Every new evaluation will apply a new reduction to the current grade. These reductions are applied to automatic and manual evaluation.

Group/team VPL activities redesigned

The pre v 3.3 design of team’s activities has different drawback that need to be resolved. The main problem is that if you change a student group after submissions the submissions may be moved to other group with the student. In the new design the submissions belong to the group and not to a student. Now it is safe to remove or add students to a group at any moment, the submissions will remain in the group. The grade is assigned to the members of the group at the moment of been graded.

Check execution servers

Check execution servers now show the actual servers including the locals and based on ones. The report now also shows the list of current process running in the course.

Diff files

The diff files code has been rewrite to support the Ace editor as the way to show files side by side.

Download submissions

The “download submissions” button has been moved to the “submission llist” report. It has been added a new button to download all submissions including old versions. The zip file format has change to give more information including: full name of student, time of submission and evaluation details.

Reducing size of space used by submission

Due to how the submitted files are managed: created or deleted but not modified. This version includes the reuse of files of previous submission. This is achieved by reusing (linking) files of previous submission with same contents as new ones.

Using GUI programs

If you are planning to use languages with GUI capabilities as Java, C#, PHP, etc. it is highly recommended to use vncaccel to reduce the start time of the programs (see release of execution server 2.2.2)

Testing VPL

VPL is now tested using travis-ci. The tests include PHP Lint, PHP Mess Detector, Moodle Code Checker, CSS Lint, JSHint, PHPUnit tests and specific tests for the default Student's program tester. These tests alone do not correct bugs in the code, but are a first step to detect them.

Translations

Has been added the Brazilian translation thanks to Gabriel P. Silva UFRJ

Bug fixes

• Adds timemodified field for compatibility with Moodle.
• Fixes drop and paste problems.
• Uses own copy of Jquery and Jquery-UI, this removes version problems.
• Fixes problems reordering files.
• Removes for students view the hints of grade reduction at the end of titles line of grader comments. The students could see hints in HTML before it is processed by JavaScript.
• Fixes problem that avoid save new submissions when the name of requested files is changed.
• Has been modified the table vpl_jailservers to remove the key of the server URL. This key with a field of 255 chars generate an error than abort the installation of VPL due to problems for reaching the limits of key size in MySQL some some char sets.

Updating VPL

If VPL is updated it is highly recommended to clean the browser's cache. The cache can mix JavaScript files from the previous version and generate errors for a while.

IMPORTANT NOTE!: If you update or restore activities to VPL 3.3 or higher from previous version and include teams’ activities whit submissions, you need to go to the list of “Virtual Programming Lab” activities and click on the “Check all” button (at the bottom of the report). This process will assign groups to the submissions.

VPL-JAIL-SYSTEM 2.5.3

The VPL-Jail-System serves an execution sandbox for the VPL Moodle plugin. This sandbox provides interactive execution, textual by xterm and graphical by VNC, and non-iterative execution for code evaluation purposes.

For more details about VPL, visit the VPL home page or the VPL plugin page at Moodle.

Requirements

The VPL-Jail-System is an open software execution system and requires a specific environment.

Software requirements

The VPL-Jail-System 2.4 requires a Linux O.S with YUM or APT as a package manager and systemd or system V as a service manager. The system has been tested on Debian, Ubuntu, and CentOS.

Hardware requirements

The system has been developed to offers immediate and interactive execution of students' programs. It means that the system can attend multiple-executions simultaneously.

The hardware required to accomplish this task depends on the number of simultaneous executions at a time, the requisites of the program, and the programming language used. For example, a PHP Web program may require a considerable amount of RAM, especially for the Web Browser execution, but a Python program may need one hundred times less of RAM.

Our experience is that a machine with only 2Gb of RAM and two cores can support a class with 50 students online using Java (Non-GUI). If you are conducting an exam, the hardware required maybe tripled. Possibly the critical resource may be the RAM. If the system exhausts the RAM, the O.S. will start swapping, and the throughput will decrease drastically. Our tests indicate that the 32-bit O.S. uses less memory and CPU than the 64-bit version. Remember that you can add (or remove) VPL-Jail-systems to a VPL installation online.

Installation

Selecting the hardware

The recommended option is using a dedicated machine. If you can not use a dedicated computer try using a Virtual Machine, e.g. using VirtualBox. This approach will provide aisle and limit the resources used by the service. If you decide to use other services in the same machine that the use of resources by the VPL-Jail-System may decrease the performance of the other services. Although no security breach has been reported, notice that the nature of the service (execute external code) leads to an intrinsic threat.

Preparing the system

Install a Linux O.S. as clean as possible. If you have enough resources, you can install a GUI interface. Stop any service that you don't need as the web server, ssh server, etc. If the O.S. has a firewall, you must configure it (or stop it) to give access to the only two ports needed by the VPL-Jail-System. If you use automatic updates, you must restart the VPL-Jail-System to take into account the update. You can use cron to automate this process.

Getting VPL-Jail-System

VPL-Jail-System is distributed only as source files. You must get the source package from https://vp.dis.ulpgc.es, e.g., using

wget https://vpl.dis.ulpgc.es/releases/vpl-jail-system-[version].tar.gz

or from the GitHub repository, generating the package with

make distcheck

Running the installer

After getting the package, you must decompress it and run the installer.

tar xvf vpl-jail-system-[version].tar.gz
cd vpl-jail-system-[version]
./install-vpl-sh

The "./install-vpl-sh" must be run as root.

Follow the instructions and wait for the necessary downloads. The installation script will try to install the development software commonly used.

The installer will ask you about:

• If you want that the installer creates a self-signed SSL certificate.
• (updating) If you want to replace the configuration file with a fresh one.
• If you want to install different compilers and interpreters.

Updating VPL-Jail-System

If you want to update the VPL-Jail-System, follow the same steps that the first installation. The installer will update the current version.

Removing VPL-Jail-System

Run uninstall-sh of the current version.

Configuration

After installing the VPL-Jail-Service, the service will be started with a default configuration. If you want to change the setting you must edit the file /etc/vpl/vpl-jail-system.conf.

After configuration changes, you must restart (as user root) the service to use the new configuration values. Using systemd

systemctl restart vpl-jail-system

or using system V

service vpl-jail-system restart

Main configuration parameters

• PORT. Socket port number to listen for HTTP and ws connections. The default value is 80
• SECURE_PORT. Socket port number to listen for https and wss connections. Default value 443
• URLPATH. Act as a password. If no matches with the path of the URL request, then it's rejected. The default value is "/".
• LOGLEVEL. This value goes from 0 to 8. Use 0 for minimum log and 8 for the maximum log. Level 8 doesn't remove the prisoners' home directory. IMPORTANT: Do not use a high log level in production servers; you may get low performance. The default value is 3.

Checking

You can check the availability of your execution server using the URL

http://server:PORT/OK and https://server:SECURE_PORT/OK

Where "server" is the name of your execution server. The system must return a page with OK

Updating the software in the jail

After installing or updating packages or files in the host system, you must restart the service with "systemctl restart vpl-jail-system" to make available the changes in the jail. If you don't want to restart the service, you can drop the kernel caches to do the overlayFS file system aware of the changes. To drop the kernel caches run as root

sync; echo 7 > /proc/sys/vm/dropcaches".

Troubleshooting

You can obtain a detailed log of the execution process by changing the log level at the configuration file. Commonly The logs will be written to "/var/log/syslog".

Adding the VPL-Jail-System to VPL

The URL of the service is http://server:PORT/URLPATH or https://server:SECURE_PORT/URLPATH

:PORT and :SECURE_PORT can be omitted if using the standard ports.

You can use the service URL in the general module configuration and, in the local execution server settings of your Moodle server

Changes from the 2.2 to 2.3 version

The main new of the 2.3 version is the change of file system used to replicate root directory in jail. This version includes some minor fixes and is compatible and interchangeable with the previous one.

The replication of the root file system is done with overlayFS, allowing to adapt the replica to the needs of the VPL-Jail-System easily and safe. The users' home directory has been mounted as a tmpfs to accelerate the execution and limit the file system changes. Also, it has been added the possibility of mounting the replica allowing SETUID.

The use of the tmpfs removes the need for the "vncaccel.sh" script.

The new parameters to control these new features are:

• USETMPFS. This switch allows the use of tmpfs for "/home" and the "/dev/shm" directories. Changing this switch to "false" can degrade the performance of the jail system. To deactivate this option use USETMPFS=false. The default value is USETMPFS=true.
• HOMESIZE. This option sets the size of the "/home" directory. The default value is 30% of the system memory. This option is applicable if using tmpfs file system for the "/home" directory.
• SHMSIZE. This option sets the size of the "/dev/shm" directory. The default value is 30% of the system memory. This option is applicable if using tmpfs file system for the "/dev/shm" directory.
• ALLOWSUID. This switch allows the execution of programs with a suid bit inside the jail. Setting true this option may be a security breach, use at your own risk. To activate this option, use ALLOWSUID=true.

Changes from the 2.3 to 2.4 version

The installer and service control script has been updated to support systemd service manager. Versions before 2.4 use only system V service manager. The change allows to install vpl-jail-system on Linux distributions that use YUM or APT and systemd or system V. Other fixes and changes are:

• The default log level has been increased to 3.
• The size of the SSL key created when installing has been increased to 2048. New versions of OpenSSL lib require this size.
• Improves the cleaning of finished tasks

Changes from the 2.4 to 2.5 version

From the first versions of the VPL jail service, the system includes a logic to ban IPs with a high number of failed requests. This feature now can be controlled with a new configuration numeric parameter called FAIL2BAN. The banning and the account of failed requests take periods of 5 minutes. If one IP does more than FAIL2BAN*20 failed requests and more failed requests than succeeded, then the IP is banned until the next period. The FAIL2BAN set to 0 stops the banning process. The default value of FAIL2BAN is 0, and then this feature has been disabled by default.

The structure of jail file systems has changed to improve the compatibility and performance of the use of overlayFS in different O.S. configurations. Now the upper layer of the overlaid file system is on a tmpfs file system or, if you set the USETMPFS=false, is on a loop file system located at a sibling path to the control path (by default /var/vpl-jail-system.fs). IMPORTANT! If you set USETMPFS=false, then you can not set HOMESIZE to a system memory percent, you must set HOMESIZE to a fixed value. The HOMESIZE value can be in megabyte or gigabyte. E.g.

• HOMESIZE=8G
• HOMESIZE=4500M