Slashback: Cheats, Entries, Loki

Slashback tonight brings you updates to previous stories on computer-class cheating, Smoothwall, AIBO hacking, the Open Source Directory, and the fate of Loki's CVS. Read on below for the details! Jon Masters was one of the many to write in after recent articles about automated cheat-detection employed in undergraduate CS classes to catch plagiarists. "Hi, cheat detection is hardly new. For example The University Of Nottingham have developed an automated marking/plagarism detection system as part of their CourseMaster software. Personally I don't agree with automated assessment in general, however plagarism detection can be useful."

From the email I've gotten on it, it seems like a whole passel of schools have at least a homegrown solution to CS cheats.

Perhaps the cute dog will end up changing Sony's stance? CodeMonkey555 writes "Here is a story that chronicles Sony's little foray into the DMCA with a hacker who added software for the Aibo robot."

It's nice to see that publications like SciAm are following the results and consequences of the DMCA.

Care to help edit an online software reference? SteveMallett writes "We at Open Source Directory (OSD) have opened the directory to volunteer editors now that we've given app authors and maintainer's a good chance to start and/or maintain their own listings.

Those interested may wish to visit our volunteer page which outlines what we're looking for. Don't worry. We're not that picky. The outline includes guidelines and tips for being a volunteer. Unlike dmoz, which has volunteer editors, we _will_ delete unupdated or neglected editor work in accordance to our Social Contract.

We hope that editors will help fill in the missing apps, take over those listings that they can do a better job of or have become neglected, and find those diamonds in the rough."

See our earlier post about the project if you're not sure what this is about.

Yes, someone has to read all those emails. kcurtis writes "Boston.com's tech site has this AP article about the large response to the Court's request for comment on the MS case's proposed settlement."

Now all they need is a trowel with an emblazoned smiley. enigma48 writes "Looks like the C'T article a little while ago about Smoothwall prompted some changes after all. Juergen Schmidt even gets a little credit. Shadow passwords are now in, but it looks like the ppp secrets file is still open (they describe it as being a "non-vulnerability"). A-patchin' I will go, a-patchin' I will go..."

So you don't have to stop playing your games ... Scott Draeker of Loki has some encouraging words for those who thought the announced (upcoming) closure of Loki would mean the loss of Loki's code and community. Draeker sent word of this a few days ago, but here are more details.

He writes:

"We have prepared tarballs of the public CVS, FAQs, mailing list archives, demos and Loki_Update which will be available for people to host. That's exactly what's going on with icculus.org.

The official repository will be hosted by the SEUL group at MIT. Once that site is set up we'll point the loki domains that direction. They'll also be adding some Loki projects to public CVS which were never completed."

AIBO Hack

[doooras]

Can you hack an AIBO to make it hump people's legs, or micturate on their shoes?

Buying a Product...and the DMCA

[Ieshan]

It seems interesting to me that the DMCA allows no condition of fair use when it comes to breaking encryption on purchases - at least, this is how the article presents it.

Notice that Aibopet never actually uses the code within the Aibo to make a profit. Someone could argue, technically, that he uses it to make a name for himself, but he hardly even does that. I think it's interesting that Sony would choose to pursue legal action on the basis that the code was cracked, not that something illegal was done with the code.

This is something like purchasing a refrigerator, dismantling it, using the fan to cool yourself, and using the shelves inside to hold books. Sure, it wasn't the intended use of the product, but who's the seller to determine the intended use and then legally enforce that use? Encryption was brought about for a variety of reasons, but one of the reasons wasn't to make sure that a product was used in a specific way - rather, it's primary ability is to keep other people from making a profit on someone else's ideas.

As long as Aibopet isn;t doing that, I don't really understand Sony's original position on the issue.

the fall of Sony?

[motherhead]

I wonder if a projection exists in the corporate organs of Sony that demonstrates how much loss of revenue and market share Sony Consumer Electronics Division stands to loose in the next five years thanks to the aggressive lobbying, litigation and posturing of the Sony media and content creation divisions.

It just seems to me that the money in consumer electronics is going to go to companies like Phillips and other (smaller) manufacturers that help consumers exploit and enjoy content any damn way they want.

Sony makes some marvelous and high quality components and gadgets, but revenue will go to the companies that offer devices that accommodate the way consumers want to use them, rather then devices that will accommodate the way a company wants to use consumers.

Trying to have a market created and tamed through legislation and ill conceived laws damn well should torpedo your empire.

One must wonder

[Restil]

Why does sony even care? I mean, maybe they're hoping for a long history of upgrades in the future that they can charge end users for, but in the end, if there is other software available for AIBO, people will still have to buy the product to use them. And if more poeple are buying AIBO's so they can use the hack than those who are purchasing it for the original intent, WHO CARES!

Sony still gets their money from it.

-Restil

Random Uneducated Question

[Drake42]

If the illegality is in breaking the encryption, could some secure 3rd party break the encryption and send me the results. Posetion of cracked data is not an offence, is it? Maybe some Ukranian crack-boy could make a living cracking the encryption on popular items and then selling the results back into the US. What is anybody going to do if I release some code for something, based on publicly available specs. (Even if those specs are the result of some work done elsewhere that couldn't be done here.) Isn't that how PC cloning got started with Clean Room reverse engineering?

I may have to get a Robot dog!!

[Kasmiur]

"Meanwhile, back in America, some owners delight in replacing Aibo's soothing beeps with the voice of Cartman, the potty-mouthed South Park character. "

I can see it now.
Me: Fetch fido
dog: AAaaaah my ass is on fire!!

Game porting without Loki ?

[hack0rama]

Even if Loki donates all the code to the community. The community cannot port games. Since the game publisher needs a company to license the code under some contract.

I hope another company picks up everything from Loki. Does all the contract/licensing stuff, but unlike Loki try and make use of volunteer work from the community to save money. I am willing to provide few hours of my time, for getting games on Linux and I sure hope there will be others.

I am aware of the issues of volunteer work vs full time employees. The contarct/licensing issues of closed source games. Maybe its all just wishfull thinking. Sigh ..

DMOZ still using editors??

[berzerke]

I hope the open source directory takes off and actually takes in editors. I applied to DMOZ for a not too large category and got an instant rejection saying new editors should apply for a smaller category. Ok, I reapplied on for a much smaller category. That was about 2 months ago. (Both categories needed an editor, BADLY). Still haven't heard back. I begin to wonder if DMOZ is even using editors anymore.

My experiences with 'cheat-detection'

[grahamsz]

In my first year of university they had the bright idea of running some plagurism detection software against our classes submissions. I believe 127 people were accused of cheating by the CS department - including me.

I was sent a letter telling me that I had been accused of conspiring wiht one other person and consequently my mark would be halved.

Naturally I was outraged and got on the phone to the head of department. He explained that my submission was unacceptably similar to one other person and either someone copied it or we had collorated - I hadn't collaborated, copied or let my work be copied.

I arranged to meet with the course organiser and they showed me both submissions. Mine had originally been given 34/35 and the other had been handed in 2 weeks late and even then given 0/35. The other submission looked virtually identical to mine but had oddities like capital I's as loop control variables (suspiciously as if it had been typed into M$ Word). My guess is that he'd picked my code up from the recycle bin in the lab and typed it in.

However faced with this, they still argued that I could have allowed this person to copy my code (even hinting that I might have accepted payment for it) and if I had any further evidence to prove my innocence then I should draw it to their attention.

My father and I responded that it wasn't right that I should have to prove my innocence since it's a basic human right to be presumed innocent until proven otherwise. We suggested we would seek legal council, and they were quick to write back reinstating my original mark.

What frustrated me further was that the other party involved (who was never identified to me) was punished equally - by having his mark of 0 halved!

Cheat detection systems are fine as a mechanism to prompt staff to possible problems but they certainly shouldn't be used as the judge and jury.

Given that CS typically has large class sizes - mine was over 300 at one point - and CS assignments are often quite short and often closely related to textbook examples ... it's infeasible to hope that no two students will produce very similar results.

The other thing that's NEVER been made clear to me is the distinction between permitted collaboration and plagurism. Every university document is fairly vague about what's acceptable and what's not. And as one of my other professors put it - "In the real world before you embark on any assignment it's worth asking, searching, begging and borrowing as much of it as possible"

CVS it

[bcrowell]

The best solution I've heard of is simply to require the students to maintain their code on a public CVS repository. Then their changelog will tell the story of whether they really wrote the code themselves, or copied it wholesale from someone else the night before it was due. If they also GPL it, then plagiarists are also breaking the law by violating the license.

Without such a changelog, honest students are vulnerable to a situation where someone else gets their code by dumpster-diving for printouts -- then it's one person's word against the other as far as establishing who really wrote it.

This solution also has the benefit of showing that the issue is plagiarism (not giving credit where credit is due), not code sharing. Code sharing is ok -- it's the programming equivalent of using a properly attributed quote in an English paper. After all, nobody expects students to rewrite glibc from scratch for use with their class project!

What cheat detection REALLY is...

[hyrdra]

IMO, the real reason for cheat detection is not because of some moral reason to stop cheaters, but because of laziness.

What I'm getting at is really, how many professors actually look at the code to a program and not just run it to make sure it does what it's supposed to do? I had a CS teacher once tell everyone to make sure we output to a file so he could run the programs in batches and compare the outputs to what should be the output easily. Then he would run the source through a cheat detector and viola, he's done for the night.

I'm not saying professors are lazy, but programming is a rare example where this kind of detection could proove useful because often times it doesn't matter what the source of a program is, how poor or good it is, just that it does what you want it to do. This may seem like bad engineering, but its a real life fact in CS. English teachers are required to read the papers of their students -- thus they'll know a cheater off bat. But CS professors are not held to the same requirements, or let alone standards.

The problem with computer cheat detection is that there is, currently, no match for human cheat detection. You don't hear of a cheat detection system for English papers, why for CS?

The solution I think will be to have professors that actually go through the source code of each student. A particular case that I know of is a professor that would go through a project and comment on the source line by line, right along with your comments with things like "Good idea, great OOP use." or something like "You might try a linked list like this...". Not only was this invaluable assistance leading to better programmers, it was VERY easy to spot cheaters, because...he actually checked the source.

Why am I saying cheat detection is bad? Well, I'm certainly not a cheater. I know of several people who love CS -- not for actually liking programming, but for rushing through with assignments and turning them over to those who are helplessly lost for a quick profit. I don't like cheat detection because it not only can implicate those who don't cheat, but it allows professors to be lazy. If I was a suit at a university, I would bet on the professor I mentioned earlier who goes through source commenting than one who analyzes outputs and then runs the source through the latest cheatdetect.pl script.