Slashback: Cheaters, Spammers, Chessmen

Slashback brings you more words tonight on catching CS cheaters (and whom to credit for the software that does so), giving money near-painlessly to another worthy cause, complications in wiretapping California's phones, and more. Read on, and enjoy!

GA Tech TAs not given credit for program exposing those who don't give credit. zorba1 writes: "Chalk another one to the 'TAs get no credit' department. CNN is running an article on how on how Georgia Tech's College of Computing professors wrote a cheat-finder program that discovered 186 Intro to Computing cheaters. As a former CS TA at GaTech, some clarification points:

1. The app was developed by TAs, not by professors.
2. It doesn't detect 'exact duplications of computer code.' It removes variable names and examines duplication in code structure.
3. The only reason it's in the news is that GaTech recently required nearly all students to take one or two introductory CS courses."

The stench whiffed 'round the world ... Kelsevinal writes "A look at this article on the Chicago Tribune website reveals that our good friend Bernie Shifman is getting a little publicity... Think what you want about the situation, but I think it's funny as hell. I bet Shifman likes it too ... think of all the human resources depts. who might see this!"

After all, not everything is Free. xueexueg writes: "I just noticed that the Free Software Foundation has finally gotten around to setting up secure servers for orders and donations. For ages you actually had to print out and mail an order form to them, but now, at last, you can give them money for goods or charity, in your proverbial underwear."

And let's face it, there aren't that many places in the world where you can order T-shirts adorned with a levitating gnu.

Does this remind you of Gorman Seedling's electric collars? koganuts writes: "Updating a story posted by Slashdot on January 9th, according to The Los Angeles Times, "Gov. Gray Davis' proposal to let state and local police obtain roving wiretaps on suspected criminals was dropped from the legislation containing it Tuesday after the legislative counsel's office concluded that it was illegal." There were also provisions in the proposed bill which extended wiretapping to e-mail and the Internet. One thing I never knew was that "...wiretaps cost an average of $56,767.""

Have you learned your lesson? Eblis writes: "The Learning Machine Challenged hosted by AI has finally ground to a halt, with results available at lmw.a-i.com. Congratulations to the winners and to AI for hosting such a successful contest!"

Well worth the $$$

[Guitarzan]

If you could pay $56,767 to wiretap a 900 number, imagine how much cash you could save!

To take care of some spammers!

[www.sorehands.com]

When I get the SPAM for the software to make unlimited copies of DVDs so I never have to pay for a DVD again, I forward it to hotline@mpaa.org. See if the MPAA is really after piracy, or just to scaare people.

Re:To take care of some spammers!

[aridhol]

When you do this, make sure of one thing - ensure that you make it absolutely clear that you are forwarding an email you received. You don't want them coming to sue you for spamming and copying DVDs when you're trying to report someone.

Money in my underwear?

[GeekLife.com]

Well, I'm glad they finally take that online (though I'd like to hear how) 'cause the Postal Service was really getting peeved at me for trying to send all that underwear through snail mail.

Re:Free Software Foundation and PayPal?

[Penrod+Pooch]

Because they had to wait for RSA patents to expire. You can't very well use stuff you oppose if you want to be taken seriously.

Shifman article seems biased

[Shade,+The]

The Chicago Tribune seems to represent Shifman as a guy who's been persecuted by the devilish anti-spam community. Um, hello? Read the log of emails sent back and forth. Shifman is abusive, insulting and, quite frankly, stupid. He seems ignorant of any legal knowledge whatsoever; threatening to sue all involved in critisising him for simply reporting a piece of spam _he_ wrote.

Please stop and vote for this moron spammer

[anticypher]

Cool, the Chicago Trib has a poll, just like slashdot and cNet.

Is Bernard Shifman a "moron spammer?"

Yes. Hundreds of complaints can't be wrong.

No. Give the guy a break. He's looking for a job.

Please stop and vote for this moron spammer.

the AC

Similarities in Structure?

[rMortyH]

I'm interested in this GA tech program....

I have alot of hours in as a helper in undergrad CS labs. If you were to remove the variable names in intro to CS assignments, most correct assignments should appear identical without cheating, especially given the simplicity of such projects. Are thirty classmates supposed to come up with thirty completely different and original programs to calculate a fibonacci series? Is that even possible? Does anyone have any information about false positives?

Re:Similarities in Structure?

[Tom7]

One of the tricks we used (at my school) was to look for trailing whitespace and the combination of leading tabs and spaces, since this kind of thing is preserved when copying, invisible, and unlikely to be the same across independent correct solutions. It's true though that this automatic testing can't do much for the really simple assignments (ie, write insertion sort).

Much better was simply (when possible) assigning the same person to grame the same piece of code across all assignments; certain bizarre idioms or mistakes really jump out at you and catching cheaters that way is much more effective.

Re:Similarities in Structure?

Disclaimer: I too am an ex-TA from Georgia Tech. I am posting this anonymously due to possible privileged information.

The CheatFinder is really a suite of programs, sort of kludged together. Some are writting in various shell scripts, other parts are in C and Perl. In a nutshell, CheatFinder examines all permutations of students' submissions and calculates a score from 0.00 to 1.00, where 1.00 indicates a perfect match. The one in charge of running CheatFinder determines a relevancy level, typically 0.95 or so. All results above that threshold are then hand-examined for matches -- things like same indentation, same errors, etc. For students whose works were flagged by it, all of their other submissions were then critically examined. The idea was to build a case to demonstrate that this particular set of students were cheating, much like Jack McCoy builds a case for the prosecution. The true test to see if a person was cheating was by asking him/her, "Tell me how your program works."

As you correctly pointed out, simple programs will cause multiple false positives. CheatFinder was not run on those trivial assignments; it was reserved for the longer ones occuring later in the term.

To be honest, CheatFinder was just one of many ways to detect academic dishonesty. Experience has shown that cheaters are stupid. Examples include: forgetting to remove their friend's name from their submission, braggingg about their exploits within earshot of a professor, and so forth. Almost of our cheaters were found through means other than the CheatFinder.

Re:Similarities in Structure?

[firewrought]

Allow me to present some random thoughts in defense of GA Tech's cheatfinder:

First, the program is used to finger potiential cheats... all suspects are examined by humans who are aware that the cheatfinder may report false positives. It's not as if the cheatfinder automatically files charges with the Dean's office. In this sense, the cheatfinder serves to augment (not replace) human intelligence in a way that would otherwise be infeasible in a class with 600 students.

Second, the assignments are non-trivial, so design can vary substantially. Even when the things are simple, it can be awful damning when two people choose the same design approach to all problems on their homework (especially when the problems are conceptually independent of each other, or when two students' answers share the same monstrously silly mistake).

Third, an incredible number of people cheat; most of these people don't get caught, or if they are caught, they don't get punished, or if they do get punished, it's a light wrist-slap for the first offense (say... receiving an "F" in the class and a note on the transcript instead of expulsion). Because The College of Computing has a program, they catch the highest number of cheaters. I feel sorry for all of the honest students (especially those in the harder majors) who must compete against cheaters their entire academic career: their degree is devalued in the marketplace by the behavior of others.

Fourth, the cheatfinder program recognizes and adapts for common structures in student programs: if fifty percent of the class shares a common structure, there are at least three explanations: (1) fifty percent of the class coluded with each other, (2) the problem is "naturally constrained" so as to be most readily solvable in this one fashion, or (3) the professor goofed and gave the problem as an example in class. Cheatfinder is smart enough to realize that (1) is unlikely, and so considers the duplicated structures to be innocent. So if the entire class cheated and turned in the same exact assignment, the cheatfinder would not report it.

Fifth, counter to some suggestions by fellow slashdotters, it is best to run this thing at the lower levels of the program. The higher level classes aren't focused on "how to program" and generally don't afford as many opportunites for cheating (many, but not all, of GA Tech's 4000 level classes have every student-team work on a different project). At the higher levels, code reuse can be a good thing, provided that proper credit is given to the real author and that the essential learning challenge is not removed.

Now for the disclaimer: I am a Georgia Tech TA, but I have not had direct exposure to the cheatfinder. Most of my claims are based on heresay and private conversations with those who do work on the cheatfinder. Some claims are based on my own experience TA'ing and trying to prosecute people.

The lesson Bernie didn't learn...

[Restil]

Once upon a time, I was a member of a mailing list and I posted a rather controversial message. Someone replied telling me how much of an idiot I was. I responded privately to him, attempting to explain why I felt I was right and based it on my own personal (yet somewhat embarrasing) history. I kept it off the group primarily because I mentioned issues I felt I really didn't want the whole world knowing about and also I didn't feel like carrying on a public flamewar.

Needless to say, he decided to post a reply to it on the mailing list, complete with my message fully quoted. NOT what I wanted to happen. Of course, the response was less than friendly. I could have decided at this point to reply again, either to him or to the group (same thing really) and continue the war, but instead I just dropped it. Completely. A few people responded once, but in a day the thread was dead and I doubt anyone remembered it.

Bernie started out by doing a stupid thing. He spammed a bunch of people trying to advertise his "services" through what he STILL seems to believe is a reasonable method and when confronted chose to reply and carry on the problem by REALLY making a name for himself.

What if he just let the issue drop? If he just quit spamming and never said another word about it? In a matter of a couple days nobody would ever recognize him. Whatever little damage was caused by a letter to his isp would have been the extent of his embarrasment. He could have EASILY picked up the pieces from that debacle and avoided further problems. Now, its getting to the point where he may very well be unemployable in his industry of choice because not only has he made a professional ass out of himself, he is causing people to look VERY carefully at the type of work he supposively has experience with and relating it to his behavior in this matter and creating the (probably correct) impression that he is most unqualified for the very positions he seeks.

If only he had shut his mouth and walked away while he had the chance to do so gracefully. The world is a big place. You have to screw up pretty badly to make a name for yourself. I despise spammers as much as the next guy, but its a foolish mistake he could have recovered from easily. Now he won't live it down for a LONG time.

I hope fame was what you sought dear Bernie. For you have found it.

-Restil

Re:Catching CounterStrike cheaters...

[James_G]

You've got to be kidding me.. Clearly you have no idea about the anti-cheat measures available today.

Punkbuster stopped supporting HL/CS several months ago. Paladin is a joke and was hacked within minutes of it being released.

What I run on my server is a combination of CSGuard And Cheating Death. Cheating Death is interesting in that it doesn't attempt to detect cheats, but just to hide the extra information used by the cheats to wallhack/aimbot, etc. It seems to work really well, and is going to be very much harder for the cheat coders to work around.

Result? My server is mostly cheater free. I can go on there and have a good game and not worry about cheating. I bust something like 10-20 people a day which makes me happy..

Re:Question...

[filtersweep]

"A recent report by the state Department of Justice showed that California law enforcement requested 88 wiretap orders in 2000. Judges granted every request. The wiretaps cost an average of $56,767 and resulted in the arrests of 271 people. Of those, 17 were convicted. Most were used in drug investigations and involved home phones, cellular phones and pagers. "

I'm just spitballing here, so bear with me...

88 wiretaps = 271 arrests = 17 convictions, 254 that were NOT convicted

88 wiretaps requested = 88 wiretaps granted (not a bad percentage)

88 wiretaps X $56,767 = $4,995,496

$56,767 / $40hr = 1419 "man" hours per case on average (OK... I just made up $40 for maintaining an employee with benefits, etc...)

That is a hell of a lot of time put into wiretaps. If taps are anything like most businesses, the real cost goes into employee time. I probably spend a total of 25 hrs./month on the phone (including work time... and one might assume criminals might consider crime as part of their job?). If an investigation takes 10 months, we are up to 250 hours. If we consider the ratio of 88 taps yielding 271 arrests, that is about 3 people per tap. If we multiply our 250 hours X 3 we are at 750 hours... and that is just real time phone monitoring. Add all the support staff and forensics- we'd have to double that staff time to bring it to 1500 hours per case. It might actually be plausible.

More significantly I find it disturbing that 100% taps are granted by the courts, but the conviction rate is about 19%. The arrest to conviction rate is 6%. That is a low return for giving up civil liberties.

(CS == Counterstrike) = IsntFunny

[rasactive]

I will personally kill the next person who posts some stupid "CS? You mean counterstrike?" and then I will kill the person that laughs at it.

Re:10-to-1 odds

[servasius_jr]

Is Bernard Shifman a "moron spammer?"

91.6% -- Yes. Hundreds of complaints can't be wrong. (456 responses)

8.4% -- No. Give the guy a break. He's looking for a job. (42 responses)

498 total responses

How dare you repeat such lies?!? This is slander! this is libel! I'll sue you! I'll sue the Chicago Tribune! I'll sue all 456 respondants who answered 'yes'! I will also be suing Al Gore and Bill Gates for inventing the internet, and the moderators and editors on slashdot for violating my 1st ammendment rights! Please give me your address and phone number, as well as those of all of your co-conspirators mentioned above, so my lawyers can sue all of you.

Litigiously yours,

Bernie S.

catching cheaters is easy: check the assembly code

hm, as a former research assistant I can testify about the approach we used to catch cheaters :
(this was for an assembly language course)

• Students had to submit their source codes via mail
  
• We compiled the code and ran it ourselves (well our scripts did, anyway :))
  
• We checked correctness with our test cases.
  
• We cheched the number of machine instructions, the number of instructions of each type aso.
  
• When in doubt, we used diff.
  
• Before accusing someone, we manually checked.
  

We had no false positives.

Re:my school

[jovlinger]

I graded an introductory scheme course once. You have no idea how easy it is to pick out cheating in an introductory programming course. You can actually pick out pretty much the whole solution history, much like a genetecist can track speciation through differences in DNA.

Beginning programmers make such a wide range of mistakes that it's obvious which people discussed the problem before hand, which people programmed their solutions sitting next to each other on different computers, and which people just made a copy of someone else's solution (while they were away from the computer, it is often claimed).

I'd say that all but the last of these scenarios is fine. What IS galling - nay insulting - is that they students think that the TA won't notice that two programs have exactly the same error epidology. I could understand if they thought they could get away with copying and modifying a working solution, but when the solution doesn't produce the required result, the TA HAS to grok the code. And you quickly notice when solutions are "similarly stupid". Strangely enogugh, the right solutions tended not to be copied. I'll spare you my specualtions on the social dynamic that results in that scenario.

So no program necessary, IMHO. Of course, I had a fairly small class. I would hope that bigger classes get a couple of TAs.

CS Cheaters

[Gary+Yngve]

For one of the classes I TAed at GT, we were too lazy at the time to get the cheatfinder working
under our conditions... We told the students
we were using cheatfinder, but we never did.

We still caught many [lazy/stupid] cheaters.

There was one time they had to write some
sockets code and turn in their interactions
with our test server.

Bob turned in "Congratulations, gt1234a [Bob's uid] has correctly communicated with the server. You get a 100!"

Sam turned in "Congratulations, gt1234a [still Bob's uid] has correctly communicated with the server. You get a 100!"

[names changed to protect the moronic]

P.S. Zorba... wassup! long time no see!

Re:Civil Liberties

[Ldir]

And what might those civil liberties be? The right to safely and securely traffic drugs? No thank you, I'd rather have the wire taps. After all, they aren't tapping YOU. - or are they?

I suspect he was talking about the rights of the 254 people who were arrested, but NOT convicted . Of course I'm sure they were all guilty of something, so let's lock them up anyway, just to be safe.

There's something seriously wrong when we arrest 271 people, but a judge/jury only convicts 17 of them. Would you remain employed if the quality of your work was so poor? This is exactly why you should be so uneasy with the way the USA PATRIOT Act undermines the checks and balances from our justice system.

Cops are paid to find the bad guys. That's their focus, that's what we pay them for, that's what we want them to do. The judiciary and our constitutional rights are are there to hold the reins on the police, to make sure they don't go too far, to make sure we as a society don't sacrifice the rights of the innocent too much in our zeal to get the crooks. You don't have to be dealing drugs to fear living in a police state.

Police are about law enforcement. The judiciary and our rights are about justice. There is an enormous difference between the two.

Re:CS Cheaters

[zorba1]

I have to admin, the "light test"[1] worked for most of our CS1501 pseudocode submissions (that is, before we went to Scheme).

[1] 1. Place papers of suspected cheaters on top of each other.
2. Hold up to light.
3. Observe how everything overlaps *perfectly*, down to the whitespace, var names, etc.

PS: Hey Yngve! Not much - email me!