Congrats on a successful end to a fun high school project! Stories like this are always fun to read.
I think I remember paying some small amount of money (flat fee irrespective of # of years, IIRC) to get my scores quicker via a phone call in 2003,2004,2005. Perhaps I would've been better served by your EarlyScores.
> In 2014, with my first AP courses under my belt, I anxiously anticipated the release of my AP scores. What I realized at that time was that scores were rolled out by the College Board over a week’s time, and my AP scores would be accessible on one of the later dates. The need to see my scores on the first available date spurred me to create EarlyScores.com.
Even went to the Etsy office in Brooklyn at one point and had a chat about it. I think some of the team was a bit bemused that I'd essentially extracted a large amount of data. But they took forever to get to the point of having an actual API (and I was one of the early users of this as well).
Eventually it became unsustainable and I shut it down, but it sure was fun having people be passionate about using it and sharing it.
The problem is letting other people use it; of course it's nice to help people, and it's altruistic to do so for free, but some of those people might actually need this homework to learn, and you may have deprived them of that. (Although I also think watching a video and doing some multiple choice questions is the laziest low-effort homework assignment there is, and the damage may not have been all that big.) But you used logic and programming to work around a math problem, which are roughly in the same field, so I think that's fair.
A slightly similar situation: my previous job was at a bank, and banks over here are bound by all sorts of ethics and rules, and are required to regularly train all their employees in balancing the interests of customers, society, and the bank. This bank did that by gamifying it: we had an app where we had to answer all sorts of ethical questions and make sure our score in the app was over 70% at the end of every month.
A coworker used our testing framework to access the app, answer questions randomly like you did, and store the correct answer to use next time. It apparently worked very well, but using tech to avoid ethics questions is quite a different issue than yours. (He shared it with me when he left, and I tried it, but it didn't work for me.)
This, when the scope is limited to yourself, it's very different from when it impacts others.
Back when AOL Instant Messenger (AIM) was super popular, I was in university and had read about ARP poisoning. Our school was pretty cheap, so all the dorms had hubs instead of switches. This meant that it would be, theoretically, possible to ARP poison an entire dorm, MITM attack and read all the text being sent on AIM since it was sent in the clear. I had a bit of a cyber security passion lab in my dorm room, so I wrote a PoC and ran it on a LAN air-gapped from the rest of the network. I proved that it should work for myself, having confirmed that similar cleartext messages would get passed to the machine intending to listen in between two other machines.
I told my classmate of my project and he expressed interest, so I gave him a copy. Fortunately, I didn't add any authorship info, mostly because I forgot to. I did caution him that ARP poisoning is a pretty "noisy" attack, and someone who was paying attention would notice it. He foolish ran it on the university network, and confirmed he was able to see AIM messages flying back and forth for all the dorm, as well as all the other traffic. It didn't take long for our school's IT to notice that one dorm was funneling all traffic through one machine. A week later he was banned from having a computer in his dorm room for a school year. Thankfully he never gave me up, admitting it was his stupidity that brought it on himself, but nevertheless it was a lesson learned - if you're going to play in the grey space between ethical and not, do so responsibility and don't share the exploits with others.
Aka "don't get caught".
One of the times I got in bother at the first university I attended was because I kept logging into their production servers as the root user every morning.
Their admins had left a few glaring holes open that I'd patched (and evicted some fellow travellers), but I kept their SSH keys to explore a bit.
One morning one of them happened to peruse the SSH logs, and spotted a pattern where someone on the student network was logging in every morning.
Didn't take them long to work out something was deeply fucked, and they cut my network access before pulling up the contact info they had on file for me and summoning me to their office for a bollocking.
Luckily for me they figured it would be better for their job security if they kept it purely informal as opposed to notifying the university proper and having me face a disciplinary committee.
They never rotated those ssh keys, and I learned the "don't get caught" lesson as opposed to the "don't do this" lesson.
The university didn't take kindly to that. They accused me of trying to take down the co-op system and threatened to sue me for copyright infringement. Since I linked into their system for job descriptions, I was able to show that the data I actually had (company, title, location) wasn't creative work and therefore not copyrightable. I also had some friends in the university faculty and staff who spoke up for me, since I had reported security vulnerabilities in the past, indicating that I wasn't acting with malicious intent. In the end, I just had to take a business ethics course, which I probably would have taken anyway.
Some of my friends who graduated earlier told stories about how JobMine at one point accepted resumes in HTML. Of course, this also meant that it was vulnerable to XSS attacks. The eventual fix was just to only allow PDF resumes.
It still blows me away a school filled with CS people had such a god-awful system. Then again we are CS people and not UI/UX designers.
So I wrote a python/selenium script to search google and dump all of these answers for my weekly homework. Then I’d bang out all of my classes in a few minutes.
I knew just enough about networks, security and building computers from my childhood I never got worse than a C on a test.
I’ll use Codespaces next time
I sometimes wonder if that kind of “not approved” intellectual curiosity can be used to augment education. Sort of like having old school alarm clocks that are designed to be disassembled.
The penetrable walls were the best, because if you drove your tank off the map, the graphics renderer would just look at whatever memory happened to be specified by your impossible coordinates, display eerie shifting structures that were the working memory of your code, and pretty quickly crash the whole machine writing the tank sprite into god knows what.
That was a fun summer. I wonder if my mom still has that greenbar printout in her basement.
It worked pretty well and we had many a play session with 10-16 kids, alt-tabs were pressed, until somehow they discovered we were playing games, and then a bit later they found some residual files that had my account as the initial creator set on them.
I got a 30 minute dressing down talk from the IT head, then again from my mentor, and then again from the 'dean' (our school system is a little different). Then I had detention after school for months.
No one ever asked me how I actually bypassed their network permissions. When I found another exploit weeks later, I never used it, but I also never told them.
My mother is a teacher for ages 7-11 and I help out with her IT curricula sometimes. I think I might do some reversing with her next time I am with them!
It made no sense to me until HS where I started to understand how I was editing a Data file, and more in college when I learned assembler.
It's basically like this: You get a starting number, have to multiply it with 2, then it's result with 3, then this result with 4, until you multiplied it with 9. After that you had to divide it by 2, then by 3, ... and finally by 9 and end up with the same number you started with. Sometimes even higher than 9.
Since our teachers understood that there are calculators and even kids like me who knew how to write loops in Basic code, they chose the numbers big enough to result in scientific format or overflows, so that at a certain step the precise calculation could not be done any more with a calculator or computer program.
So I wrote a Basic program which did multiplications and divisions the way you would do it manually with strings. From this point on I was only limited by the amount of memory, which wasn't an issue since my Amiga 500 had 1 MB of Ram.
Assuming a pocket calculator has 8 digits, it would overflow only if the starting number was around 300. Was it like that?
> they chose the numbers big enough to result in [...] overflows
Instead of saying "What are we doing that isn't capturing the students interest in these tasks? How can we connect this subject to the students most meaningful, important, and immediate concerns and goals? What concepts from this subject can we teach the student that'll help them achieve those salient goals?"
The creators of these companies seem less concerned with actual long-term meaningful learning and more concerned with playing policemen.
Educational institutions need to be way more student-driven and student-concerned, allowing the student to shape their journey, as opposed to turning out cogs for the system like military training.
Alternatives exist like behavior analysis's programmed instruction, but even that needs a radical upgrade or integration with AI.
I played basketball growing up. Much of our practice was boring things like passing drills, dribbling drills, running, countless free throws. We all grumbled & complained - "Why can't we just scrimmage?" we'd ask. "I already know how to play the game, why do I need to work on these boring skills?"
I don't think I need to explain why this logic is flawed, and why our coach was in fact using the best methods to teach even if they were occasionally boring.
In the academic world I was very similar to these guys. I automated/cheated with tech whenever I could because I felt the grunt work was "below me" - fast forward to college and I realized how many fundamentals I had missed and struggled mightily.
The big difference with sports and games vs school is that in sports and games you are optimising to win the game, and in school you're optimising to pass an arbitrary test which only exists in the context of school. It's depressing for the same reason people grinding leetcode puzzles just to get through interviews is depressing. I've had to drill many pointless things over the years to prove to some authority that I'm willing to waste tons of time if they want me to.
Contrast this with "Do this" "Why?" "Just do as I say if you want good grades"
So in practice this would be "Ben, I know your most important goal is to become like LeBron James. LeBron James has this special trick that you like called X. He has said in the past that the fastest way to achieve this is to practice Y boring technique for at least 2 hours a day"
"John, your most important goal is greater flexibility. To be as flexible as possible, you need to do this other boring exercise more frequently 3 hours a day"
If the goal is important enough, they will go through it. However, an even wiser method is to frame it this way: In your brain you have the 'you-now'/thalamic/elephant part of your brain "Give me candy now" and the 'you-in-the-future'/cortical/mouse riding elephant "I have to lose weight". These 2 are always competing, but the 'elephant' always wins. In order to solve this, one has to research what is it that 'tastes good', and develop a diet that tastes better than the junk they already eat. If you do that, you'll stick with your diet long-term. Why? Because your diet is always the best tasting thing on the menu.
The dumb approach is to say "I'm going to force myself"... you'll burn out eventually. Reference: "Immediate Rewards Predict Adherence to Long-Term Goals" https://sci-hub.hkvisa.net/10.1177/0146167216676480
In other words, the higher-level abstract representation of this is both the 'elephant' or the 'you-now' has to be as maximally satisfied (given its range of options, the 'best' one is the most fun one), and the 'mouse thats trying to direct the elephant' or the 'you-in-the-future' also gets what it wants.
Put simpler: if you don't have fun, it will never get done.
Emphasizing relevance is in the spirit of just-in-time learning. To give an example, years ago, I struggled to learn programming for a long time. I'd watch 11 hour courses, and nothing would stick. "Today, for-loops, and conditionals..." In my mind: 'who cares? How is this relevant to the thing I'm trying to do?'
It wasn't until I found a meaningful goal and exciting project that still was simple enough, and broke it down into a series of 'google-able steps' that I finally learned and remembered what a "for loop" meant.
The irrelevant rote approach is not a good method of memorization or learning. More intuitive approaches which try to build on your existing background (reducing the friction), and your existing goals (increasing attraction), are more likely to help you remember.
Many people shy away from doing hard things and use words like boring.
There are strategies to make fundamentals more fun, but those strategies only work for a small subset of people. Other people look at those strategies and think they are boring as well.
I think most of these platforms are created in good faith. In the internet, we can watch millions of videos, chat with strangers all over the world, listen to basically every song ever made. What if we could educate everyone? That's a noble goal.
I think we could usr a mix of both styles education: boring exercises which are nevertheless important for learning, and these could be automated, leaving room for student driven learning where a teacher can guide and evaluate a student.
While this is not a bad question to ask, asking it won't avoid this kind of thing. Because it doesn't matter what the learning system is, or how good it is, many students will always do stuff like this if they can. Because it's fun. Because you get to stick it to authority.
Whether that authority is just or has your best interests at heart or is trying as hard as they can to do a good job is beside the point when you're young...
Just provide a transcript! MathML and Latex exist.
I wrote this at the beginning of the year, but never released it as I was never sure if I was missing details. I realised today there is no point in keeping it hidden, so brushed it up a bit and published it.
Btw, the repo that houses the blog is open source, so feel free to fork or whatever and use it as your own
Wish you both a very, very bright future!
I remember having some fun in high school when windows XP was the thing and handing out software at school was done using USB memory sticks. I wrote a small program just to mess with classmates that copyed itself to the machine when the memory stick was inserted and set itself to run at startup. It also copyed itself to any USB storage that was connected to the machine.
The program didn't do anything other than connect to a server so I could add it to a database along with some basic info, just so I could mess with the right person. It was fun when a USB stick was passed around, and I was the first to get it. So I got access to the the laptops of all my classmates and could mess around with them.
The problem was that it spread like wildfire, and in just a couple of weeks there was thousands of machines and it was spreading exponentially, with no way for me to stop it. That's when I realized that it might have been a stupid idea and that I should probably remove any traces of my involvement.
It makes me think that high school is still too generalized. I think I only got to pick about half my courses and even those had to fit into certain bins. Couldn’t do too many tech courses. Had to have an arts course each year. Stuff like that.
If students have _any_ personal inclination towards any course we should enable them to take it without any bureaucracy. One of the most precious and fleeting resources is when a teen is self-motivated over education.
If someone takes Math, one science and two humanities, they can apply for virtually any degree program they want (maybe with the exception of medicine, since I think that's a little stricter).
Sure, your application to a competitive degree program at a top-tier university won't be as strong compared to someone who's picked subjects showing a higher level of commitment/resolve to whatever they're applying for, but it's fine for most cases I'd say.
I’m not sure I feel too strongly about either of these perspectives.
Perhaps if we optimize this, we will just end up near where schools are today: a balance of freedom of choice and a mandatory exposure to many domains.
So I wrote a program that would show the work.
I asked my teacher if I could use that program on the test, and she said that if I knew the material so well that I could write a program that shows the work, then I'd probably ace the test without it anyways, so I could go ahead and use it on the condition that I did not share the program with any of my friends.
That condition was fine with me. I didn't have any friends. :-(
I was the kid who wrote myself a recursive descent solver for it in QuickBasic, of all things.
In the world of Music Conservatories, practice space is limited and there is a lot of competition to get a room booked. Many places use a niche scheduling product called Asimut specifically tailored to conservatories. Depending on how it is set up, for example, you could book a room 72 hours in advance on a rolling basis - this mean people were always on their phones booking rooms and then extending their booking times.
As you can guess, I wrote a simple python script that lived on a vps and read a schedule and list of my favourite rooms from a text file, would wait until the right time and book/extend for me with my username and password. Never told anyone except my girlfriend, who spent enough time with me to realize I was making bookings without ever looking at my phone!
We definitely ended things on a good note with Hegarty & Educake. They were really friendly to us and also super helpful to be honest, good team over there.
I teach art and design. Now is grading season and it is maddeningly easy to catch students who plagiarize. Like shooting fish in a barrel.
The contract cheating is another thing. At one of my previous places of employment, companies contacted students directly on their university mail and approach them offering 'educational services'. Some of them even knew what courses the students were taking.
I took Spanish classes online. One of the common exercises tested your "ear": An audio recording of one or more people talking in Spanish would play, which the student was expected to transcribe. Not translate, just transcribe.
Funny thing- for accessibility purposes, they had to provide a text transcript of the exercise.
It was pretty dumb, using the exact "algorithms" we were taught to do it by hand. It would even "show the work" so I could transcribe it. In the end, it probably took as much time to input the homework into the program, and then transcribe all the answers, making sure to fake it so it looked like I did the work, as just doing the homework. Not to mention actually writing the program, but that part was really fun. I remember turning on a small night light when I was supposed to be past bed time so I could scribble down algorithms or solutions to bugs on a piece of paper so I could implement them the next day.
If I had been a bit smarter, I might have realized that I could have used a CAS that already existed. Not sure if there were many open-source ones (that could run on windows) back then (2003-2004) though, just looked and sympy was released in 2007.
To prevent copying, while the equations needed remained the same, the numbers (inputs to what you had to work out) varied across user sessions.
One lad in the course wrote a website that he updated weekly that mimicked the UI/UX, you would plug in the values WP gave you and it would emit an answer.
The following year I took over maintaining it, and ended up in a spot of bother with the administration.
There was also another homework website that some lectures made us use, which did all the shit client side in JS. You could just inspect element and get the answer.
I honestly still don't get the point of those additional homeworks, on top of assignment and lab report workloads at university. They seemed to only exist to loosely tick a box regarding "continuous assessment".
Relatedly, they also implemented 5% credit for attendance by proxy by making us rent these radio " clickers" from the university, each with a unique ID tied to a student.
During lectures, there would be multiple choice questions asked, where the answer was irrelevant - it was a means of counting attendance.
Naturally by the second month people were delegating their clicker to someone else if they needed to skip a class.
A couple of years later, smartphone apps replaced the clickers, and SDR became affordable, granting the university a near-miss from any radio shenanigans.
Backtrack 4, Atom N270, some deauthenticated Windows XP and 13 hour long dictionary attack did NOT do the trick. But what I learned is mine.
I was in a group that, unlike our "pure" sales brothers & sisters, spent a lot of time in the office. The whole hot desk was a big PITA because we had to reserve our desks and we could only reserve, I think, 1 week in advance.
But, one of my colleagues figured out that the back-end of the reservation system had an RMI interface and it didn't do any validation of the reservation requests. So he wrote a CLI utility that let us reserve the same offices week after week.
We would've gotten away with it except that the head of sales realized one Monday morning that we always seemed to be sitting in the same place. I guess she made some enquiries because not long after that, we were all called into her office and made to promise that we wouldn't hack the reservation system anymore.
At the bard so famously wrote, "Pride goeth before a fall." :)
This sounds like it's normalizing invasive surveillance. Getting kids used to the notion that their teachers should be able to monitor their online educational activities... and then, if governments and corporations are tracking all your internet activity, email communications, phone location data - it's just the way things are done! Now have a social credit score, it's like a grade in life...
That said, I wonder if there's a similar approach, some scripts users could run to artificially boost their social credit score (in China, for example). Just something that would run in the background - it could send pithy positive tweets, visit all the government-approved websites, etc. - all with no need for the user to be involved.
Our school also has mandatory online trainings every year or two, with videos in a pop-up with most controls disabled. "document.querySelector('video').playbackRate = 1000;" used to save a lot of time, but with cross-site protections it's easier to use a plugin, which is much slower to adjust.
Was incredibly easy to exploit by invoking windows explorer via a Word toolbar of all things. This meant I could browse the start menu shortcuts of every classroom in the school and open whatever application I wanted even if it was disabled by the teacher.
A relative worked in IT at another school using the same software. I showed it to them and they mentioned it to the company who were installing it in their school. The company refused to believe I could exploit it so easily and even said they would buy me an xBox if it was true. Of course, it was true and when shown proof they went silent and I never got an xBox.
One of my very first programs I wrote was a QBASIC program to sort my spelling words in 2nd grade in 1991. I loved the idea of beating the system more than I actually disliked sorting my spelling words. I was quite proud of myself, and it seems to have worked out in the long run.
I have a suspicion that I probably found the code in one of my dads computer magazines, so it probably was cheating since I doubt I actually wrote the program from scratch. Maybe partial credit for being resourceful. :)
Anyway I received my GCSE results in August, I was surprised how well I did considering I did no revision, but I should've actually used hegarty maths instead of exploiting it :D
To me it sounds like the CEO just started panicking and sent you an email so he wouldn't have to do anything relating to fixing or explaining the problem in sales for all his customers or paying you for your work / to fix it. He probably didn't even want to pay for a lawyer, rather than how he played off being nice.
It sounds like he just got away without having to do anything because he threatened you and sold you a cop-out story "But what about the kids?"
But then again everybody benefited from that approach? If he had really wanted he could probably have gotten them in trouble with the university for cheating.
My favorite experience with "hacking" in school involves wifi. My school had free wifi, but you had to log in with your student password. Well, the login step involved a GET request in which the password was sent in plain text as a URL parameter... so if you had your friend's laptop, it was a simple matter of looking at his browser history to see his password!
Never did anything with it, but always wondered what someone seriously motivated could have done with it
He ended up getting his account reset a lot of times, but it was funny having him answer the entire dataset of questions in literally about 1m30s...
School security always seems to be a funny weak point, it seems common that a school's budget never seems to reach the IT department... and yet everybody is shocked when a vuln is discovered like that :p
What difference does this have from having employees take work back home and work in their private time...
Countless subjects also distributed questions and answers from Textbooks in a PDF format. One OCR run later and a script to clean text I had a database of questions and answers I could share with my friends to practice for the exam (which helpfully used the exact same questions). https://www.rytek.me/archive/projects/epmquiz-webapp/
I never did flex my cheating like you did haha for fear of the repercussions.
Whenever the teachers would do exercises on the whiteboard I would just do testing of my software, verifying its correctness.
Calculators were allowed, and the teacher kinda encouraged us to get familiar with our calculators (the subject was calculations-heavy) so I didn’t get caught.
Fun times, sometimes I miss TI-basic.
Although I guess that applies to sql injection as well so in theory there was really potential legal trouble here?
I think they could also just check the isTrusted field in the Event since that can't be overwritten without a custom compiled browser
The solution in general is in improving the quality of the content, using a more sophisticated format of questions that requires work rather than mere knowledge (which is also far better for formative assessment, but most platforms are focused on summative, particularly in the US)... independent multi-choice is always easily gameable in some way - if there is no better format of question available, the best that can be done for multi-choice is to have a massive pool from which you randomly draw a different subset of questions for each student, and limit the number of attempts to make it impossible to fully scrape... even then, a smart group of students may pool and share their feedback as they progress.
The tricky thing is that you want to encourage such behaviour, helping each other learn, and although in some people's eyes this is purely cheating, it's not dissimilar in spirit.
What year was the Declaration of Independence signed?
a) Martian Luther King Jr.
b) The Spanish-American War
d) The New Deal
Needless to say everyone aced the test.
I'm good at them. I can often infer the desired answer from the phrasing of the question and answer without actually knowing enough about the topic to answer correctly in a free response format. I can almost always eliminate a wrong answer or two that way even if I can't necessarily pick the winner, improving my odds.
Some people are bad at them, especially when the test demands the "best" of several defensible options.
In either case, the test results in an unfair and inaccurate estimate of the evaluatee's performance.
anyway i spent probably 10x as long on this and was happier because grinding repetitive math problems is fucking boring. so if he didn't do his math homework honestly who cares.
My second site was a blog in about 1998. I had never heard of a blog, but whatever. I built a user system, "karma" system, ability to spend karma (anyone with enough karma could post on my front page), an interactive choose-your-own-adventure story where you got to help write it, and some other features I'm forgetting.
Anyway, I built all that with flat files at first, because I hadn't heard the word "database" yet--even though I wrote this in PHP. As soon as I heard about databases, I converted it in a couple days.
I got good advice and a cool story out of it.
There are nice people everywhere.