I wrote this at the beginning of the year, but never released it as I was never sure if I was missing details. I realised today there is no point in keeping it hidden, so brushed it up a bit and published it.
Btw, the repo that houses the blog is open source, so feel free to fork or whatever and use it as your own.
I sometimes wonder if that kind of “not approved” intellectual curiosity can be used to augment education. Sort of like having old school alarm clocks that are designed to be disassembled.
My favorite experience with "hacking" in school involves wifi. My school had free wifi, but you had to log in with your student password. Well, the login step involved a GET request in which the password was sent in plain text as a URL parameter... so if you had your friend's laptop, it was a simple matter of looking at his browser history to see his password!
Never did anything with it, but always wondered what someone seriously motivated could have done with it.
Congrats on a successful end to a fun high school project! Stories like this are always fun to read.
Wish you both a very, very bright future!
I was the kid who wrote myself a recursive descent solver for it in QuickBasic, of all things.
The university didn't take kindly to that. They accused me of trying to take down the co-op system and threatened to sue me for copyright infringement. Since I linked into their system for job descriptions, I was able to show that the data I actually had (company, title, location) wasn't creative work and therefore not copyrightable. I also had some friends in the university faculty and staff who spoke up for me, since I had reported security vulnerabilities in the past, indicating that I wasn't acting with malicious intent. In the end, I just had to take a business ethics course, which I probably would have taken anyway.
To me it sounds like the CEO just started panicking and sent you an email so he wouldn't have to do anything relating to fixing or explaining the problem in sales for all his customers or paying you for your work / to fix it. He probably didn't even want to pay for a lawyer, rather than how he played off being nice.
It sounds like he just got away without having to do anything because he threatened you and sold you a cop-out story "But what about the kids?"
I remember having some fun in high school when Windows XP was the thing and handing out software at school was done using USB memory sticks. I wrote a small program just to mess with classmates that copied itself to the machine when the memory stick was inserted and set itself to run at startup. It also copied itself to any USB storage that was connected to the machine.
The program didn't do anything other than connect to a server so I could add it to a database along with some basic info, just so I could mess with the right person. It was fun when a USB stick was passed around, and I was the first to get it. So I got access to the laptops of all my classmates and could mess around with them.
The problem was that it spread like wildfire, and in just a couple of weeks there were thousands of machines and it was spreading exponentially, with no way for me to stop it. That's when I realized that it might have been a stupid idea and that I should probably remove any traces of my involvement.
The problem is letting other people use it; of course it's nice to help people, and it's altruistic to do so for free, but some of those people might actually need this homework to learn, and you may have deprived them of that. (Although I also think watching a video and doing some multiple choice questions is the laziest low-effort homework assignment there is, and the damage may not have been all that big.) But you used logic and programming to work around a math problem, which are roughly in the same field, so I think that's fair.
A slightly similar situation: my previous job was at a bank, and banks over here are bound by all sorts of ethics and rules, and are required to regularly train all their employees in balancing the interests of customers, society, and the bank. This bank did that by gamifying it: we had an app where we had to answer all sorts of ethical questions and make sure our score in the app was over 70% at the end of every month.
A coworker used our testing framework to access the app, answer questions randomly like you did, and store the correct answer to use next time. It apparently worked very well, but using tech to avoid ethics questions is quite a different issue than yours. (He shared it with me when he left, and I tried it, but it didn't work for me.)
In the world of Music Conservatories, practice space is limited and there is a lot of competition to get a room booked. Many places use a niche scheduling product called Asimut specifically tailored to conservatories. Depending on how it is set up, for example, you could book a room 72 hours in advance on a rolling basis - this meant people were always on their phones booking rooms and then extending their booking times.
As you can guess, I wrote a simple Python script that lived on a VPS and read a schedule and list of my favourite rooms from a text file, would wait until the right time and book/extend for me with my username and password. Never told anyone except my girlfriend, who spent enough time with me to realize I was making bookings without ever looking at my phone!
To prevent copying, while the equations needed remained the same, the numbers (inputs to what you had to work out) varied across user sessions.
One lad in the course wrote a website that he updated weekly that mimicked the UI/UX, you would plug in the values WP gave you and it would emit an answer.
The following year I took over maintaining it, and ended up in a spot of bother with the administration.
There was also another homework website that some lecturers made us use, which did all the shit client side in JS. You could just inspect element and get the answer.
I honestly still don't get the point of those additional homeworks, on top of assignment and lab report workloads at university. They seemed to only exist to loosely tick a box regarding "continuous assessment".
Relatedly, they also implemented 5% credit for attendance by proxy by making us rent these radio "clickers" from the university, each with a unique ID tied to a student.
During lectures, there would be multiple choice questions asked, where the answer was irrelevant - it was a means of counting attendance.
Naturally by the second month people were delegating their clicker to someone else if they needed to skip a class.
A couple of years later, smartphone apps replaced the clickers, and SDR became affordable, granting the university a near-miss from any radio shenanigans.
It's basically like this: You get a starting number, have to multiply it with 2, then its result with 3, then this result with 4, until you multiplied it with 9. After that you had to divide it by 2, then by 3, ... and finally by 9 and end up with the same number you started with. Sometimes even higher than 9.
Since our teachers understood that there are calculators and even kids like me who knew how to write loops in Basic code, they chose the numbers big enough to result in scientific format or overflows, so that at a certain step the precise calculation could not be done any more with a calculator or computer program.
So I wrote a Basic program which did multiplications and divisions the way you would do it manually with strings. From this point on I was only limited by the amount of memory, which wasn't an issue since my Amiga 500 had 1 MB of RAM.
Although I guess that applies to SQL injection as well, so in theory there was really potential legal trouble here?
Instead of saying "What are we doing that isn't capturing the students' interest in these tasks? How can we connect this subject to the student's most meaningful, important, and immediate concerns and goals? What concepts from this subject can we teach the student that'll help them achieve those salient goals?"
The creators of these companies seem less concerned with actual long-term meaningful learning and more concerned with playing policemen.
Educational institutions need to be way more student-driven and student-concerned, allowing the student to shape their journey, as opposed to turning out cogs for the system like military training.
Alternatives exist like behavior analysis's programmed instruction, but even that needs a radical upgrade or integration with AI.
It makes me think that high school is still too generalized. I think I only got to pick about half my courses and even those had to fit into certain bins. Couldn’t do too many tech courses. Had to have an arts course each year. Stuff like that.
If students have _any_ personal inclination towards any course we should enable them to take it without any bureaucracy. One of the most precious and fleeting resources is when a teen is self-motivated over education.
This sounds like it's normalizing invasive surveillance. Getting kids used to the notion that their teachers should be able to monitor their online educational activities... and then, if governments and corporations are tracking all your internet activity, email communications, phone location data - it's just the way things are done! Now have a social credit score, it's like a grade in life...
That said, I wonder if there's a similar approach, some scripts users could run to artificially boost their social credit score (in China, for example). Just something that would run in the background - it could send pithy positive tweets, visit all the government-approved websites, etc. - all with no need for the user to be involved.
It was pretty dumb, using the exact "algorithms" we were taught to do it by hand. It would even "show the work" so I could transcribe it. In the end, it probably took as much time to input the homework into the program, and then transcribe all the answers, making sure to fake it so it looked like I did the work, as just doing the homework. Not to mention actually writing the program, but that part was really fun. I remember turning on a small night light when I was supposed to be past bed time so I could scribble down algorithms or solutions to bugs on a piece of paper so I could implement them the next day.
If I had been a bit smarter, I might have realized that I could have used a CAS that already existed. Not sure if there were many open-source ones (that could run on Windows) back then (2003-2004) though, just looked and sympy was released in 2007.
I was in a group that, unlike our "pure" sales brothers & sisters, spent a lot of time in the office. The whole hot desk was a big PITA because we had to reserve our desks and we could only reserve, I think, 1 week in advance.
But, one of my colleagues figured out that the back-end of the reservation system had an RMI interface and it didn't do any validation of the reservation requests. So he wrote a CLI utility that let us reserve the same offices week after week.
We would've gotten away with it except that the head of sales realized one Monday morning that we always seemed to be sitting in the same place. I guess she made some enquiries because not long after that, we were all called into her office and made to promise that we wouldn't hack the reservation system anymore.
As the bard so famously wrote, "Pride goeth before a fall." :)