Slashdot Mirror
CTO Says Al-Khabaz Expulsion Shows CS Departments Stuck In "Pre-Internet Era"
An anonymous reader writes "The Security Ledger writes that the expulsion of Ahmed Al-Khabaz, a 20-year-old computer sciences major at Dawson College in Montreal, has exposed a yawning culture gap between academic computer science programs and the contemporary marketplace for software engineering talent. In an opinion piece in the Montreal Gazette on Tuesday, Dawson computer science professor Alex Simonelis said his department forbids hacking as an 'extreme example' of 'behavior that is unacceptable in a computing professional.' And, in a news conference on Tuesday, Dawson's administration stuck to that line, saying that Al-Khabaz's actions show he is 'no longer suited for the profession.' In the meantime, Al-Khabaz has received more than one job offer from technology firms, including Skytech, the company that makes Omnivox. Chris Wysopal, the CTO of Veracode, said that the incident shows that 'most computer science departments are still living in the pre-Internet era when it comes to computer security.' 'Computer Science is taught in this idealized world separate from reality. They're not dealing with the reality that software has to run in a hostile environment,' he said. 'Teaching students how to write applications without taking into account the hostile environment of the Internet is like teaching architects how to make buildings without taking into account environmental conditions like earthquakes, wind and rain,' Wysopal said."
Interesting timing ; not quite the same.
One is Defensive Planning; One is about New ways to use things.
US Government Announces National Day of Civic Hacking
http://yro.slashdot.org/story/13/01/23/1823208/us-government-announces-national-day-of-civic-hacking
_JS
And also a very good explanation. How on earth did they produce such a hopelessly stupid system? It was designed by people who are unready for engineering systems to be used.
I am a big fan of not blaming the victim, as a matter of moral principle. That's a great policy. But it's really crappy engineering design; building something that is designed to rely on the assumption that society can reliably provide perfect enforcement is stupid.
There's another layer of difficulty, which is that it is not always obvious whether something is a security hole or a permissive feature...
My blog: http://www.seebs.net/log/ --- My iPhone/iPad app: http://www.seebs.net/seebsfrac/
When did all the computer science programs turn in to trade schools for programmers?
Meh, why fight it. Lower that bar!
Required reading for internet skeptics
All that happened was some young hotshot did something the dept forbids. He paid for that, end of story. How you go from there to "CS depts out of touch with today's world" is beyond me, but then again I'm not some CTO either.
'Computer Science is taught in this idealized world separate from reality. They're not dealing with the reality that software has to run in a hostile environment,'
That's because if schools taught people how to properly test security, the government would label them terrorist breeding grounds. Anyone remember Steve Jackson Games? They released a game where one of the roles you could play was a computer hacker. The FBI called it a "handbook for computer crime" and the "anarchist's cookbook of cybercrime". No charges were ever filed. It was a work of fiction. It still nearly bankrupt them and took many years to resolve.
Schools do not want to teach students because they're afraid of government reprisal if they show a generation just how crappy our national infrastructure really is. As one recent net celebrity put it, "Our security posture is like a dog waiting for its belly to be rubbed." They don't wanna teach people how to find these problems, because it'll embarass the crap out of The Powers That Be.
Don't blame professors for this. Look higher.
#fuckbeta #iamslashdot #dicemustdie
Like so many things, you have to learn by doing. The only way to learn how to write secure code is to learn how to hack into stuff. Otherwise, how would you even know it's working?
If we want CS students what's really involved in creating a secure system, how about a mandatory "intro to hacking" course?
There's no -1 for "I don't get it."
However, I don't buy that what this student did was hacking (in the cracking sense)
Targeting a system you don't own, or aren't reponsible for and trying to break into it is almost always not a good thing to be doing, and should be considered unprofessional (and unethical) conduct.
Noticing a problem while you are setting something else up, notifying the appropriate people, and checking to see if that problem is gone are very reasonable things to do.
I have been working in Computer Security in Internet Banking for the last 15 years, and while I have had many co-workers who measure their worth by how good they are at breaking in to things, very few of those people have been nearly as good at defending those same things.
Figuring out how to hack a site takes finding one vulnerability.
Figuring out how to defend a site takes thinking about all types of vulnerabilities.
What they are teaching is that it is unethical to run penetration testing against a system without permission. This philosophy is embodied in the ACM Code of Ethics, in section 2.8:
He got thanked for finding the flaw. He got expelled for pen testing someone else's system. Two different acts, two different issues.
At the university I go to, I recall a computer architecture teacher that used handouts/slides from when the Pentium 4 was the highest-end CPU available and some introductory programming classes that used 16-bit Turbo Pascal (so the students that were using a 64-bit OS - most of them, those days - were screwed) or non-.NET Visual Basic. Kinda says something about their CS program.
They're there in their room. You're on your own.
Well yeah, 'Computer Science is taught in this idealized world separate from reality' has always been the case. Just like Math is taught in an idealized world separate from reality. If you want to learn to be a coder in the real world, don't waste your time with a CompSci degree, get a 2 year programming certificate at a vocational training school. I never really thought of computer science as preparing anyone for a real job as a coder.
Expecting a computer science graduate to know how to be an application developer is like expecting an architect to have carpentry skills -- the architect may know all of the basic theory and design concepts behind how to build a stairway, but it's going to take him 5 times longer than an experienced carpenter to get it right, and he might have to do it more than once.
Maybe there should be a slightly different attitude towards breaking into computer systems, or attempting to break into them. However, it needs to be mentioned that if you are learning to skydive the first lesson isn't "what if you chute doesn't open." Similarly, the first project in a chemistry class isn't making dynamite.
What this case showed was a student with some skills could break into a university system. Great. One problem is that the student had little grounding in what consequences might pile up if this skill was used. Like the chemistry student making dynamite the knowledge might be there but no judgement about what to do with that knowledge.
Unfortunately, I don't think the proper response is for companies to hire people like this. They need a lot more work before they really can be expected to use their skills in a responsible manner - and today's corporate environment is hardly the place where people are going to get that. Would a person with the skill to break into computer systems and zero reasons not to do so willy-nilly (especially at the direction of lower level management with all kinds of reasons of their own) be a quality employee? More importantly, would such skills misused result in a good reference on down the road?
We are setting these people up to be unemployable in the future, right after they are exploited.
Like the saying:
Those who can, do
Those who can't do, teach
Muchas Gracias, Señor Edward Snowden !
When I was in CEGEP taking compsci as Al-Khabaz is (at John Abbott, though, not Dawson), we were the first year that didn't have a mandatory COBOL course. This was in like 2003, 2004 or so.
He ran a scanner against the site causing a DOS. Twice!
He was asked not to. The expulsion is a little extreme but what he did was definitely not justified.
and this guy is standing near the parked bikes. He comes up to me say and says you know, I could easily open that lock. I ignore him and walk away but I look back and he is standing there right beside my bike not breaking any laws. So I have a few alternatives. I can walk away and hope he doesn't damage it or rip it off. I can call the cops, but no laws have been broken, or I can unlock my bike and go elsewhere.
Though frankly what I want to do is kick him shitless.
http://michaelsmith.id.au
well we need more hands on training / apprenticeships.
The college system is kind of out of date and comes with the full load of fluff and filler classes. Tech schools are roped into the college system as well.
There is lot's stuff that is poor fit into a 2 year or 4 year plan and other stuff that needs a lot more hands on training that is a poor fit for a collgle class room. When more of a community College setting is better. Yes community College offer classes non degree.
Also the cost of college is getting to high and by cutting down what is now 4-5 years down to say 1-3 years can save alot and make it quicker to learn skills.
ALSO THERE IS lot's of IT / tech work that is not even application development or CS that get lumped into CS as the tech schools get no respect.
At the university I go to, I recall a computer architecture teacher that used handouts/slides from when the Pentium 4 was the highest-end CPU available
Basic computer architecture is basic computer architecture. The specifics may change, the number of bits may change, but the basics are still the same. I learned on 8080s and 6502s and PDP-8s and an odd CDC 6500, and they all shared the same concepts. When I pick up a datasheet for a modern processor, I see a lot of the same old stuff.
Once you have the basics, then you can expand. "How can we improve on X? By doing Y...". You don't know why Y is better unless you know what X is. And more important, it is hard to see the potential parallels for future improvement unless you know the past. "If we did A to improve X into Y, maybe we can do A to help this other thing, too..."
could easily be making six figures as well.
Hopefully some better college will offer him admission in light of him getting the boot from Dawson.
My God can beat up your God. Just kidding...don't take offense. I know there's no God.
other CS departments trun out people with skills gaps so it's more of a over issues of what is being taught is a world separate from reality with loads of theory.
I'ts like a dumb guy trying way too hard to come off as insightful.
What a brilliant piece of self-reference! Unfortunately, it was almost certainly unintentional.
Yep, and the only way to realize just -how- vulnerable your systems are is test them out yourself (or have someone do it for you). I'm afraid that many CS graduates know nothing about how the "bad guys" are going to get into your system. They might have vague ideas about how a DDOS works, but its unlikely they ever have experienced one first hand. To an average person, indeed even an average CS graduate hacking (in the black or grey hat usage) either consists of just pressing a button or involves many crazy steps that no one can possibly do. A half-assed simulation simply doesn't cut it because it isn't modeled on the real world and so the students think that their actual work will be done in a vacuum and not in the real world of script-kiddies, zero day exploits and 4chan.
Taxation is legalized theft, no more, no less.
he had a test account and as working on a app I think the school just was very out of touch with the real world IT.
Let's see he finds a bug while coding his app and then he reports it and say it was fixed and then a few days later he tests the bug it's still in place.
These machines ruined people so they cannot program because they learned GOTO and no secuirety. HGR: HCOLOR=7: HLINE 100,100 to 200,200 That is no way to learn graphics. Qt X-Windows!
that is more of IT class then a CS class.
people doing application development do need to know about makeing secure code but other parts fall on the sever and web guys who don't real need the full CS load of application development and theory classes. Also is parts of theory that people application development do not really need. Other then at at very high level.
Whoa, sorry I seem to have hit a nerve there.
Here's US Berkeley's CompSci overview... what part of this makes you think that CompSci is preparing graduates to be application developers?
UC Berkeley construes computer science broadly to include the theory of computation, the design and
analysis of algorithms, the architecture and logic design of computers, programming languages, compilers,
operating systems, scientific computation, computer graphics, databases, artificial intelligence and natural lan-
guage processing. The Electrical Engineering and Computer Science Department’s goal is to prepare students
for both a possible research career and long-term technical leadership in industry.
That's not to say that a CompSci student can't become a developer, but the curriculum is not designed to teach that - there are far easier ways to learn application development if that's all you're interested in.
They should be Teaching how to deal with stuff like this but all they did was let him doing it his own and then say you did it wrong and we not just giving a C or even a D. and you are not just getting a F no you are getting a
SUPER F as in F for life.
but he was not breaking into computer systems.
He was working on a APP and found a major bug in the system.
That like working some where let's say you adding cameras or new sensors or even upgrading the fire alarm system at bank security system and find there is a very easy way to bypass parts of the system and report it and let's a few days later you are back doing more work and find that no fix has been done.
Give it a rest dumbfuck.
Wow! What a creative comeback. Really, That was SO impressive!! "Dumbfuck!" Such poetry, and you managed an actual two syllabe word. Most impressive, can I use that? Whatever you're paying your writers, double their salary and give them 2 weeks in Hawaii. That was, dare I say, creative genius! Yes, yes it was.
I may never post again, there's no reason to now, for I have read the ultimate in rebuttals. Someone call the Fox channel!
That is why Tech needs more trades / apprenticeships and not 4+ years CS.
Way to many tech / IT jobs want CS graduates for jobs that need a different skill set.
the NDA likely said don't tell how to get into there system and they seem ok about him talking about what happened and even if it did they are not makeing a big deal about as they did not want him to get kicked out of school.
give them the power to say no the PHB about rushing the code out with bugs.
civil engineers have that power.
You're making a very bad assumption that only poor professionals work in minor colleges.
There are countless reasons for working at one university rather than another, the simplest being that it's a place you like or where you have family. Another might be that it provides good promotion prospects rather than only dead man's shoes. And another big one is that it's not a place infested with prima donnas where the only option is to play second fiddle.
Academia has a lot of problems, and choosing the best place to work is not anything like as simple as you portray. Not everybody is driven by high salaries and high prestige colleges. Indeed, the kinds of places you seem to rate most highly are often a huge rat race and not pleasant at all.
While I don't know Dawson College, just because it's small and not well known does not say anything about the caliber of its academics.
apprenticeships and more trades like learning is need then with people who have done / are doing the real work and not some professor who has not or has been in education all of there life.
I obtained a Masters in CS a few years ago. Security was a big topic for the department. We had a dedicated network and set of servers to learn, test and use the type of software that Al-Khabaz used. We do not use it on live networks against production servers. You never do that without knowledge of everyone involved. Same way where I work. Doing what he did would get you fired. If you find a security hole, point it out to the appropriate people. Then let them fix it, don't keep poking it with a stick. If your network and servers have appropriate security monitoring software, this would set off every alarm in the place.
I see coding styles that are downright horrid, that are being taught, and every single College course is so out of date, it's doing a dis-service to the students.
Couple that with a Lazy prof that is upstaged by a student..... and you get this exact reaction.
Do not look at laser with remaining good eye.
Dawson computer science professor Alex Simonelis said his department forbids hacking as an 'extreme example' of 'behavior that is unacceptable in a computing professional.' And, in a news conference on Tuesday, Dawson's administration stuck to that line, saying that Al-Khabaz's actions show he is 'no longer suited for the profession.'
The geek's encounters with the law --- with society as a whole --- have not been ending well for him. The Internet is not his private playground anymore. Intrusions into other people's systems and software may end in a felony charge.
I've no doubt that the geek can still find shelter and support in his own community when things go south, but the climate outside is not so warm and welcoming anymore.
does no one ever read the article anymore?
It was on a test server.....using credentials given by the vendor, Skytech Communications.
The mere fact that Skytech supposedly gave him a job offer is enough to think that the department has their collective heads up....well..you get the point.
There's a reason why the legendary Weld Pond would be so vocal and would even say "These kind of people right out of college are the kinds of people we want to hire."
My friend went to college, I went to work. He could design a CPU from scratch, knew how to do visual recognition. Nothing any employer I ever came across found useful.
I could design a CPU from scratch and my employer _did_ find that useful. I, however, had an engineering degree, not computer science.
I think it was some time in the 1980s when there was a very strong push to get academics in applied fields to do some outside consulting or perish. Then there's academics such as the head of R&D at the company I work for - two days a week at university and the other three designing and improving equipment and techniques that are used in a commercial venture.
True, but putting that statement here is very misleading because it actually has nothing to do with the situation. In this case the person was a legal user of the software and was authorised up to a point. It looks like they stepped over that line, but where the line lies comes down to fine print in licence agreements and not in criminal law IMHO. It's very different to "Running penetration tests on random companies' resources without prior authorization".
I'm sure you are aware of all that, so why are you attempting to mislead gullible readers here?
Go ahead and go in to a bank, or better yet a government agency. Barge in to the "Employees Only" area, open up a confidential filing cabinet, and start rifling through for your data. See how well you do in court with the "I was just checking to see if my data was being mishandled!"
You learned these rules in Kindergarten: Don't touch what isn't yours, don't break someone else's stuff. You don't get to go and try to bust in to systems you don't own, or have permission from the owner. It isn't just the law, it is common courtesy/sense.
Geeks really need to get it through their skulls that just because you are technically capable of something, doesn't make it ok.
The first person that described to me in detail exactly why the Pentium 4 was crap in comparison to other architectures passed his degree in electrical engineering in 1948.
In the physical world, there is NO SUCH THING as perfect security. You can't design a setup that someone else cannot overcome. All you can do it make it so hard that nobody would try, and multi layered so you hopefully catch something if there is a failure at one level. There's no perfect security, no magic bullet.
Likewise there is nothing that is invincible, nothing that can withstand any and all attacks without problems. Everything has failure points, everything can be broken. You have to use things properly or they WILL fail.
We all accept this as part of every day life. However then when it comes to the virtual world, to computers, geeks seem to think things should be perfect. No system should ever have any security flaw, ever. No system should break or fail, even when subjected to deliberate attack. Everything should be built flawlessly.
Nope, sorry, doesn't work that way. While it is a lot easier to make things more resilient than in the physical world, you still have to assume that failure is possible, that flaws are present and not known. That is just life.
This isn't really about Al-Khabez. It's about policing the boundaries of the profession. The problem - the reason that there is a culture clash - is that despite attempts for over 40 years, no-one has succeeded in transforming computer programming into a profession. To be more precise, whether programmers professionalized remains a serious question for debate.
Look at the quotes from Simonelis, Dawson, and the ACM:
If programming were a profession like medicine or law or engineering, programmers would acquire higher status, as would organizations like the ACM. From the point of view of managers, programmers are often seen as unmanageable crafts people with little respect for standard practices of business. For them, professionalization is about controlling and assessing programmers and theirwork. The rise of computer science, the creation of software engineering, and the creation of the ACM were all driven in large part by efforts to professionalize the field: sometimes more in the interests of programmers, sometimes more in the interests of management
This comes up again and again on Slashdot. Should there be a standard curriculum or test or other criteria that all programmers should meet? Should we have to belong to professional associations? Should programmers be obliged to follow codes or take legal responsibility for flaws in software? How much should formal education and credentials be valued? Should self-taught programmers be excluded?
These are contentious issues. Clearly Dawson College and Mr Simonelis have an interest in defining and policing the boundaries of the profession. This would enhance their status. But as nearly a half century of debate and ongoing discussion here demonstrate, there is no professional consensus for them to uphold. This is real cultural divide. Al-Khabez got caught in the middle, used by Dawson in their efforts to define the profession and their own status. I think that's terribly unfortunate.
For an excellent book on the history of programming and efforts to professionalize it, see The Computer Boys Take Over by Nathan Ensmenger. He argues that programmers are morke like technicians than professionals. Like other technicians, their work is often threatening to the organizations that depend on them. And despite the best attempts of computer science and software engineering, much of it is guided more by craft principles than by rigorous scientific or engineering methods.
was conducted on a test server only, and using credentials provided to him by the company that makes Omnivox.
So maybe he did the test the wrong way or he may of went to far but he is still in school and should be learning how to do stuff like this not getting kicked out for doing it wrong
also other parts of IT should not be lumped into CS they should have there own profession.
Holy shit. I will never admit to having taken a COBOL course. I graduated college in the late 80s.
John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
Well, if you want to see "so what" go read your state's legal code, or the US code. If that is too complex or theoretical for you, go break a law, may I suggest a small one, and get caught. You'll quickly find out "so what."
That's what happened to this guy. He broke the rules, he faced the consequences.
Funny, when I was going through CEGEP a bit more than half a decade later, we had moved up to... VB6 :P There were two major revisions of VB.NET out at the time, but of course the school was still running Visual Studio 6, not VS.NET or VS.NET 2002.
Go ahead and show me the home/business alarm you think will stop me. Go ahead. I can more or less guarantee you can't do it. The reason is I know quite a bit about how they work, since my grandpa has been in the business of selling them all his life, and how they can be defeated. Particularly if you are talking something public where you can look around innocuously and find out what is there. Ultimately they are at their core just a circuit board in a box that connects to sensors, sirens, and maybe a phone line. Break the board, they stop working. If you have one in your house open it up and see what's inside. It is simplistic, and not at all attack resistant other than the thin metal box it lives in.
For that matter, defeating an alarm really isn't necessary if taking something, like say physical data (files and so on) is your objective. All they do is make noise and if they are good ones, call a security company who will eventually call the police who will eventually respond (they aren't that fast, false alarms happen often). That doesn't stop people with guns from kicking in your door, grabbing what they want, and leaving.
Same shit with security guards. You ever have a look at the security that public places like office buildings and malls use? They are unarmed, and low paid. Their job is to call the police if shit happens. It doesn't take much to out-class them, you bring a pistol with you, you've already got them hopelessly outgunned. You think they are going to throw their life on the line if someone holds them at gunpoint? Hell no. For that matter there usually aren't very many. The mall near me has one car that patrols their parking lot at night (I overlook the parking lot). That is it for perimeter security. I don't know what they have inside, but you can bet it isn't much more (maybe not even anyone).
Physical security at homes and businesses keeps out the causal crooks, nothing more. Now that's all they really face, people wouldn't bother with a targeted, planned, attack, they just don't have enough of value. They face low level thugs that do vandalism, smash and grabs, that kind of shit. And oh, by the way, it DOES happen. The mall near me gets broken in to at least once a year, usually dumbass teens just causing trouble, and by the fact that they got in, it means security failed to stop them.
They don't get fired, their job isn't to stop everything, it is to report anything they see, and to drive around and look conspicuous (their car is marked, and has a flashing yellow light) so as to scare troublemakers off.
If your house has never been broken in to it isn't because you have amazing security. A burglar alarm and a crap lock do not make great security. It is because nobody has tried. They good news is most of us don't face much in the way of threats to security in the physical world. Nobody tries to break in, or attack us, or the like. It is quite uncommon.
Now that doesn't mean we should just be all lax with computer security, but it does mean that this silly demand of perfection needs to stop. Nothing is perfectly secure.
Fuck that. What he did exposed the incompetence of Skytech, Edouard Taza, the department that wouldn't protect its student and the administration which, by extapolation, doesn't give a rats ass about and of their students... generally.
Did they refund his tuition? I'll bet not.
Good luck with any lawsuit in the age of paranoia.
It is kind of hilarious that he calls it the 'pre-internet' era. As if we didn't worry about security before the internet. Ha.
"First they came for the slanderers and i said nothing."
My experience when looking for a job found it is more like the fact that schools work on a shoe-string budget when it comes to their infrastructure especially IT. They don't want to (can't) pay industry rates or if they do you end up doing more than just IT work as part of your role. So they end up getting people willing to take their lower pay.
And despite the best attempts of computer science and software engineering, much of it is guided more by craft principles than by rigorous scientific or engineering methods.
And the interesting thing about all this is that there's a sizable group of programmers who not only think of programming as a craft, but want it to become even more so, up to the point of resurrecting the old three-level system of professional advancement from apprentice to journeyman then master craftsman. The book that introduced me to the subject was the quite inspiring Apprenticeship Patterns, which I highly recommend for anyone interested. And as usual, Wikipedia offers plenty of references.
Conservatism: (n.) love of the existing evils. Liberalism: (n.) desire to substitute new evils for the existing ones.
So, The Security Ledger (is that Sledger, for short?) wants to tar the whole Computer Science education fraternity (no pun intended) because of this single incident - all CS departments and teaching are considered outdated, because of this? Great to see the Sledger applying the best scientific methods to its analysis!
Apparently, they've been taking a lot of heat - the front page of their web site has a semi-lengthy explanation that the expulsion was for violation of their "professional conduct code", not hacking.
One of the no-no's is "Continual rudeness". How Canadian. Guess Steve Jobs wouldn't have lasted long there...
“Schools are supposed to teach best practice, which includes ethics and adherence to reasonable laws,” -- yes... in some imaginary world they live in that's much more important than fixing exploits in your software. That's the right attitude for having a very hack-able site.
"password is sent as part of a URL"
If you ever see security this bad, close your browser, fdisk your machine, write multiple series of 0 and 1 to the drive, then destroy it with homemade thermite and never never never speak of it again. Anything else is likely to be a felony break of a EULA.
I only look human.
My mother is a halfling and my dad is an ogre, so that makes me an Ogreling
No, not student loan bubble, the bubble most teachers are enclosed in all their lives. They go to school, they learn to teach in school, then they go back to teach. Finding a teacher who isn't out of touch with reality is rare because their reality relies on teaching and not practical application. It reminds me of my high school world history teacher. We were forced to copy overhead projector notes verbatim and organize our notebooks in exactly the method she described. We'd have a notebook test for 20% of our grade with 10 questions on it, questions like "what is the 5th word of the 11th page in your notebook" with the answer being "the." I should also mention this was 2001 so antiquity isn't an excuse.
All of my best teachers have been people who experienced their craft in the field.
Way to straw man the topic, eh?
Conservatism: (n.) love of the existing evils. Liberalism: (n.) desire to substitute new evils for the existing ones.
From experience at a top 5 consulting engineering firm if something went wrong it was normally the contractor who cocked up - one of my more interesting jobs there was reverse engineering a soil density program to prove that a sub contractor was at fault when a bridge fell of its supports :-)
That our colleges are overly staffed by professors who spend their entire lives in the ivory towers of academia should come as no surprise to anyone. Indeed, as others have said, that type lives in the pristine world of theory and never has to face reality. Thus, they do not provide adequate preparation for people who have to apply that theory in practical applications. I'll never forget the professor who could not understand why a computer program that actually worked was better than one that did not. He had assigned us a challenge. I was the only student in the class who succeeded. He laughed at me right in the middle of class since my solution was 300 lines and his was only 6 lines. I copied each of his lines of code exactly. After class I entered them into the computer. His "solution" crashed even on the simplest cases. I printed full diagnostics and brought them to the next class. I present those and he insisted I must have made a mistake. I said I had not erred and offered the printout to him to examine. He still insisted his program was better, even though it did not work. On the other hand, I have had some very good professors who were quite open to discussion. From them I learned a great deal. Their teaching makes all the difference in my professional life.
I did not post advice.