Reanimation

All right, I think I'm gonna bring this thing back to life in a while. I have a lot of essays that I could post here, plus stuff I could comment about... if I ever get around to it. I think I'll get around to it relatively soon (in the next few months). But I could be wrong.

Letter to newspaper: Drill homework sucks

This is a letter that I sent to Campanile, my school's newspaper. They had to cut it down somewhat to make it fit (space is at a premium on printed newspaper), but they still printed it in Monday's issue. Teh awesome. Here's the original.

Dear Campanile,

I believe that the practice of assigning mandatory "drill"-type homework is insulting to students and that it should be stopped. Take this hypothetical example: An English teacher gives his students a list of vocabulary words and says there will be a quiz on the words at the end of the week. Then he assigns them the task of copying out each word and its definition--and those who fail to do so will get graded down.

This sort of thing is so commonplace that you're probably thinking, "…Yeah? So?" So, here's how I look at it. The students know they have to learn the words by Friday; that is enough to get any responsible student to study. So why would the teacher have to threaten them with a bad grade on the homework to make them study? It's completely redundant… for any responsible student. The teacher must therefore believe his students are not responsible. This is the key: When students already know they have to study, forcing them to do it is equivalent to telling them, "You are too lazy, disobedient, or otherwise irresponsible to study on your own."

Throughout elementary and middle school, my teachers told us that one of the most important things to them was respect. This type of drill homework is completely at odds with that doctrine. If you respect a student's intelligence, you tell him, "Learn these concepts for the test. This worksheet might be a helpful study tool, but you're the one who knows best how you learn. You decide how to study." Making him fill out the worksheet effectively tells him, "You don't know how to study and you won't unless I make you. Now do this, or else."

I don't think this is good for the kids. If, all your life, you're told by implication that you will not do anything productive except under close supervision and the carrot and stick of good and bad grades, you start to believe it and make it true. Teachers who wonder why kids are so irresponsible these days can find the answer here: That's how they've been taught.

If Paly is so proud of its great students, it should treat them with the respect they deserve. Paly does do this to a degree; my English teacher example was purely hypothetical, and he follows the laissez-faire method I advocated above. But Paly still has a long way to go before its policies show the respect it claims to have for its students.

My English ezzay: Hacking, take II

I was supposed to write an essay about an experience that affected me personally (or something along those lines), so I did this. I got a 98! There may be some formatting issues with pasting this from Word, and I may or may not get around to fixing them at some point.

H4xx0r1n9

Although my school doth claim to love its kids,
The principal is quick and harsh to act
To punish those who do what she forbids,
Or so she thinks. And yet, in point of fact,
The crimes the students 'posedly commit
Are often not as great as they appear
To this old crone. The punishment should fit
The violation of the rules laid here.
A simple lecture and a job to do
Suffices to reform a student's ways.
But treating him as Nazi treats a Jew
Brings mutiny, not goodness, to his gaze.
This is the story of a deed arcane
To she who, nonetheless, put me in chain.

My tale begins with my first semester of eighth grade, at Jordan Middle School. My electives were Webpage Design 1B and Computer Applications. The first was fun and interesting – I get to make webpages and mess around with HTML code! – but Computer Applications was basically typing class and how to use Microsoft Word. I type at 60-70 words per minute and I've used Word since probably third grade, so as you can imagine, I finished the assignments way ahead of time.

Theoretically, those who finished early would do an extra-credit assignment: create a crossword puzzle. I wrote up 20 questions and answers for the puzzle, but I didn't turn it in for some combination of reasons: my memory flags here, but I think they were a) no one else was done with it and we were supposed to exchange puzzles with a partner, and b) the next extra credit after that was something called the Cookbook project, which sounded really icky, and I didn't want to have to do that.

Since the only work left was the extra credit, which I was not doing, I had nothing to do. So I looked for ways to pass the time without openly playing games – the teacher had this software that let him see (and lock) your computer, and people who played Reckless Drivin' usually got busted. I was bored, and when you're bored, you do any random thing that occurs to you, within legal limits.

I played with the computer by, for example, making one untitled, empty folder, then telling the computer to duplicate it a bunch of times. Ever heard of the legend of the guy who asked the king for one grain of rice on one square of a chessboard, two grains on the next, four on the third, and so on? It takes 30 squares to get a billion grains of rice. I would keep multiplying my folders by two until it started to take the computer minutes at a time to create the folders. Then, at the end of the day, I would delete what I had done.

But that got boring after a while. Seen one gigabyte of untitled folders, seen them all. I looked around for other things I could do. I figured that as long as I was on the school's website, I could look like I was doing academic work. So I explored InClass, the online student's tool that we use throughout the PAUSD, including here at Paly. I idly clicked through every link I saw, looking for anything interesting.

One thing that struck me was how InClass seemed to be put together by adults – that is to say, idiots (no offense to members of the older generation) – who used tools made by smarter people and clumsily assembled them without knowing what they were doing. The best example is the message system. When you wrote a message, you could send it to one or many users, or everyone in your class; you could make text bold or italic, or put in mathematical symbols… I believe it even had a spellchecker. The message-writing system was, simply, excellent.

The message-receiving system, on the other hand, was not. If you wanted to check your mail, you had to navigate through three or four pages to reach the inbox – and then do it six more times, because there was a separate inbox for each class. If you got mail, you wouldn't know about it until you found it in one of those seven inboxes, because there was no incoming-message notification. So checking your mail was not worth the effort; therefore, there was no point in sending a message, because no one would check their mail to read it; therefore, the wonderful message system was completely wasted. Typical adults, I thought.

As I thought of all this, it occurred to me that maybe there were other places they'd messed up. Maybe they've forgotten something important. So I tried more random clicking around, and eventually I got an idea: When you click on one of your courses, the address bar displays something like this:

http://k2.pausd.org/blah blah blah…/courseid=49803

I thought, what happens if I put in a different number for the course ID? I entered some numbers at random. It said:

Access Denied
Either you are not logged in or you do not have the appropriate privileges to perform this action.

I tried a few more numbers. On about the fifth try, it displayed a course page. I had reached the page of a sixth-grade science class.

I thought, "Whoa! Cool! Now what can I do?" I clicked around. Most of the stuff didn't work – not being in that class, I don't have grades or a personal file – but after looking around, I discovered I could write a note on something called the Electric Blackboard of that class. I'm still not quite sure what the Electric Blackboard is for, but you can write notes that the teacher can supposedly see. I wrote something like this.

zomg u got h4xx0r3d!!11 lolz noob
Just kidding. I don't actually know how to hack. But I discovered a gap in InClass' security system. I can get to the page of a course that I'm not logged in to. However, don't worry; I can't actually do anything, other than write this note.

After I did that, I discovered that I was now a guest in that class. I thought, "Cool… Weird. Does it work more than once?" Using that method, I added myself as a guest to another couple of courses. Indeed, it worked every time I tried it.
I was really excited about this. I had just figured out how to do something I'm not supposed be able to do! On a whim, I wrote a task on InClass: "H4xx0r1n9. See if the InClass people can see what you've written." Then I showed my friends, including one of my old (well, about age 25) teachers from a summer camp. The ex-teacher said "Whoa there! Bad idea. I heard about a kid who found a security hole in the school's system and got kicked out for it." Oh snap!

In my excitement, I was thinking of showing my discovery to the computer teacher so he could fix it. But now that my butt was in danger from paranoid administrators, my self-preservation instinct kicked in. I did my research. Using Google, I found on the internet several examples of the same thing happening: guy finds a security hole, messes with it, tells the administration how to fix it, and they slap him with the worst punishments they can give without actually murdering him. I didn't want to become another example.

So I deleted what I wrote on the Blackboard by overwriting it with a blank space, and I resolved not to mention it to the school. But I couldn't figure out how to un-enroll myself as a guest from all these courses. What now? I figured, "Well, if I triggered some notification, then they already know and there's nothing I can do about it. But if writing on the Electric Blackboard doesn't trigger a notification, then they don't know and I may as well just keep doing this." Which didn't sound very good to the… well, I'll get to that.

Over the next couple of weeks, when I was bored in Comp App, I would go add myself as a guest to a few more courses. It took about 10 seconds to do each one, so I got into a total of, I believe, 151 courses. Then… one day on the weekend, I log in and I'm only in the normal 7 classes. The Electric Blackboard no longer exists. I try getting to one of the courses I got to before, and it says:

Access Denied
Access has been disabled.

They've found out! Uh-oh…

And yet, they did such a freaking bad job of "fixing" what I did. I checked and I could still a) preview InClass as a guest and get to the courses that they blocked me from, and b) get to any other course that I hadn't reached before. As I write this, it becomes clear what happened: They must have gone and manually added a "John Boyle's account may not access this page" tag to all 151 pages, instead of simply telling the computer "Only users who belong to a course may access it." So that's why she said they spent hours on the problem. Stupid adults…

Here's an analogy. InClass corresponds to the school, courses are locked classrooms, and the computer system is the teachers. I discover that the windows were open, so I reach in and write my name on the whiteboards of several classrooms. Their response is to take away the whiteboards and tell each of those teachers, in person, what I look like and not to let me in. It's stupid on so many levels:
1. The window is still open.
2. Having a random, inexplicable name on the whiteboards is not worth such drastic measures. The only harm it can cause is confusion ("WTF is that name doing there?").
3. Even if telling the teacher was necessary to keep me out and did keep me out (neither of which is the case), it still doesn't work. Firstly, anyone else can get in freely, and secondly, I can get into any other classroom just fine.
Pardon my ranting. Back to the story.

So, the next day, I went during lunch to see the webmaster, who is also the art teacher. I said something like, "Hi, um, I'm the guy who's been messing around with InClass… so, uh… (awkward pause)… Sorry about that…" She (now "she" means the webmaster, not the principal) said I was going to be called to a meeting with the principal later to talk about it. Near the beginning of fifth period, I got a call slip, took a deep breath, and jogged to the principal's office…

In the principal's office were the webmaster and the principal. The latter did most of the talking, the former being there more or less only to produce evidence. When I sat down, I think the principal said "Do you know why you're here?" I said "I think so…" and told a condensed version of the above story, emphasizing that I wasn't trying to, and didn't, cause harm. I asked whether I was going to be punished, and she said yes. Her reasoning was that I broke the school computer contract; therefore (regardless of whether I actually did anything wrong), I had to face the punishment (which the contract specifies as "ranging from loss of privileges to [bad stuff like suspension]" – it doesn't say how long the privileges may be lost), and, she said, I was lucky to not be suspended and get only this:

[John] is banned from computer use for the remainder of the semester. As a result, his schedule, which contains 2 computer classes, was changed.
—The referral form I have in front of me

I spent the whole period arguing with her. I said, to no avail, that I didn't cause any harm other than the admins' ungrounded panic; that there was still a problem with the system (it may still be there today); that there was no point punishing me because now I know not to do it again; that I could show them how to fix the system (the webmaster didn't do anything when I pointed out I could still get to the courses)… nope. She paid no heed to my pleas for mercy, even when I started to cry from frustration.

Eventually, the bell rang and I had to go. I had P.E. next, but my stuff was in the 5th period classroom and the door was locked when I got there. Still sobbing faintly, I wasn't exactly in the mood for running, especially without my P.E. clothes. So I spent 6th period in the library (best choice for the only time I cut class, I'd say), where I poured out my story to the librarian and slowly regained control of myself.


I told my mom what happened as she was driving me home. She supported me, and she emailed the principal to complain. I don't have her email, but I do have the principal's reply (without the salutations and the name of the guidance counselor, though that last name doesn't really make a difference):

I am sorry you feel that I did not handle your son in a sensitive manner.

In answer to your concern about the exact nature of John's offense, I received information from site and District personnel that John violated the Internet policy by signing onto 151 accounts without authorization. Site, District, and Blackboard.com personnel spent many hours, including time over the weekend, researching researching this violation. In addition, John used a "hackers code" to do gain access to the system and admits to it. The is not what I think; it is the opinion of experts in that field.

John told me that at one point he spoke with someone at CTY about what he did. Even after being told by someone at CTY that "students who do similar kinds of things can be expelled," he continued to access unauthorized accounts.

I am also sorry that John does not like the choices offered him in terms of electives. However, that is the consequence of his actions. I know John has always been a model in terms of his behavior. In this case, he made a mistake, as we all do. Again, I will work with [the guidance counselor] to investigate the choices available to him.
—Email forwarded from Mom

Lessee. Factual errors:
1. I did not sign onto 151 accounts. I got to 151 pages on my own account.
2. The "hacker's code" references my "H4xx0r1n9" task. Leet (1337) is not a "hacker's code". It's an old form of being k3w1 that is now used as a joke.
3. You do not gain access to a system by spelling words 1y|<3 7h1s. You gain access to a system by guessing passwords or bypassing security. God help us if it is the opinion of "experts in the field" that I got into the system by writing the word "h4xx0r1n9". One can only conclude that these "experts" must be adults. (Heh heh. Pardon me.)
And as I referenced earlier, she didn't like (or understand) my reasoning to keep doing it. I said that I figured either I had already been caught or I would never be caught, and either way there wasn't much to lose by continuing. She heard that as "Someone told me it's wrong, but I didn't listen and kept doing it." But anyway – once again, back to the story.

I couldn't believe they would actually go through with this. There was talk of my sister, who works for Microsoft, going to talk some sense into the Blackboard "experts", but for some reason we never got around to that. Meanwhile, I got used to my new schedule. I ended up being put in 3rd period Drama 1A, which I had taken the year before but was nevertheless fun, and I had 2nd period free, which was kind of nice as a time to do my math homework.

Talking to the adults didn't work, but I was determined not to let this injustice go unpunished, to the degree that I could punish them. I wasn't going to disobey my ban on computers, however – breaking school rules again would be stupid. So I did what I could: I told all of my friends about it and posted about it on my blog, scavengedwisdom.blogspot.com. There, I basically explained what happened and went into great detail about how stupid the adults were, as I have done in this essay.

Other than that, there wasn't much I could do. If I were slightly dumber, I would have gone and learned how to actually hack InClass and do some real damage. On my blog, I mentioned that as a reason why it was stupid to punish me like this – i.e. it gives me ample reason to commit the crime I'm being punished for. Fortunately, I'm not stupid enough to do that, so I merely wrote about the possibility.

Now, on to how this incident affected me. Basically, I learned a valuable lesson: authority can't always be trusted to know what it's doing and to do the right thing. I then extended this into a stronger, more controversial form: "School administrators are out to get you." Well, more accurately, "This particular principal doesn't want problems from her students and is excessively punitive when it comes to transgressions she doesn't understand. And, from what I've heard, crimes that she does understand. Watch out for this in the future."

So I have developed a strong distrust of school administration and any teachers that seem too much like "them". That is, if they're too restrictive or make you do things like posters that are really pointless distractions from the material (in my opinion; maybe others actually like posters, but I hate drawing; I learn the stuff and I prefer to just explain it and use diagrams only when necessary).

Such teachers seem more concerned with kids in this contradictory abstraction: Kids who are mature and eager to learn, yet need cutesy things like the above posters to stay interested, or the self-help stuff in the Jordan binder reminder (my god, that was sickening… smiling people on every page, trademarked phrases like "Sharpen the Saw"); kids who are good and obedient but require constant threats of detention, suspension, and being dropped from class to refrain from tardiness, drugs, and so on. Paul Graham said:

Your teachers are always telling you to behave like adults. I wonder if they'd like it if you did. You may be loud and disorganized, but you're very docile compared to adults… Imagine the reaction of an FBI agent or taxi driver or reporter to being told they had to ask permission to go the bathroom, and only one person could go at a time.
—"What You'll Wish You'd Known"

In short, I don't like teachers and administrators who are out of touch with students, whose policies come from bureaucracy and what's fashionable instead of from experience with real kids. Correspondingly, I love teachers who are the opposite, who respect their students and just want them to learn, who don't make their kids jump through unnecessary hoops. Teachers who treat us like adults and give us the privileges and respect we deserve along with the responsibilities.

So. I would say that my little experience here was one of the events that made me who I am today: a libertarian, essentially. It forced me to shed some of my idealism, to realize that when "the system" screws up, sometimes I just have to deal with it. I now take seriously my duty as an American to prevent the government from being like the school administration, so I've started writing essays and talking about issues with my friends. I'm also considering coming back to the school to try and fix it when I'm officially an adult. I figure that I owe it to the next generation to prevent this from happening to them.

A rather unexpected topic...

This is an email of mine. I was having a long email conversation with my CTY friends about many controversial topics. We went from gender roles to homosexuality to gun control to drinking age to the age of consent to pornography, at which point one guy got a little too offended at the idea. At some point, we got to the topic of erotic art. My little essay is so explicit, it got blocked by someone's spam filter and I had to reverse the text so the filter wouldn't recognize it.

If you're totally wtf-grossed out by the topic, that's your problem.

For the erotic art... It kinda depends on what counts as erotic. And that is relative. Take the example of a girl's thighs. If you can see them because she's lifting up her skirt, that would be pornographic, but if you can see them because she's wearing a swimsuit, that could count as art.

But that's not universal. Take a Wahabi (meaning, fundamentalist Muslim; we learned that today) to the pool and he'd either avert his eyes at the shocking sight, or start drooling. In the customs of fundamentalist Islam, all female skin is supposed to be hidden; therefore, showing any skin is pornographic.

Whereas in some European countries like France, it's quite common and nonsexual to see the bare breasts of a sunbather. To them it's just a normal thing to do, nothing to get excited about - so they don't get excited about it. However, when people wear suggestive clothes, even if they cover more than what a sunbather wears, they have the same response as we do.

At the extreme, we have nudist colonies. They treat the human body as natural and something to be proud of. To them, unless you're having sex, the naked body is not a sexual thing. I guess it boils down to this: Exposed body parts are sexual if and only if sex is the only reason they would be exposed. That seems obvious now, phrased in this way, but... here we are.

I'll put it in an even more general form: By definition, stuff is pornographic iff [this means "if and only if"] it suggests the act of sex. In our culture, you almost never see a naked woman for nonsexual purposes. Hence, to us, a picture of a naked woman is automatically porn, but to a nudist, not necessarily.


How does this apply to erotic art? I think it's basically like this: You have a painting that shows a woman who's naked for some nonsexual purpose. Someone who considers it art will just say "Hmm, a naked woman doing [whatever she's doing in the painting]." Someone who finds it erotic thinks "Hmm, a naked woman that I'd like to...". Since both interpretations are possible, depending on the mood of the observer, it is erotic art.

I think erotic art is basically the blurred line, the middle ground, the nonexistent unbiased news source (remember the hostile media effect? People on each side of the Lebanon conflict thought the news was biased towards the other side?). Those who think erotic art is porn are usually the ones who think porn is bad, and those who think it's not porn are probably also more tolerant of porn. So both sides will probably go for each other's throats, each righteously believing that the other has crossed the boundary - because they, by definition of which group they belong to, see the boundary in different places. Gleh, I'm a cynic. But there you go.

You make the judgment, part II.

My original intention was to gather a bunch of results from my poll, but I got impatient... Anyway, as the "part II" suggests, this makes sense only if you've read part I.

So, let's review what I did. I found a slight security hole, messed around for a bit, caused no harm, and told the principal everything (including even how to finish fixing it) when I was asked. I spent an hour trying to point out that the above does not merit my a) being banned from their computers for the rest of the semester, and b) subsequently having to change, halfway through the semester, out of both of my electives. They disagreed.


As an aside: It seems the authority in question knows less about the system than I do. You may think I'm just saying that out of spite, but I can actually back that up with proof.

The principal wrote, in a letter to my mom:
"He used a 'hacker's code' to gain access to the system, and admits to it. This is not my opinion, but that of several experts in the field."

Here's what actually happened: Jokingly/stupidly, I wrote the word "h4xx0r1n9" on my task list, and explained to them about 1337, hackers' slang. No one who knows a thing about computers would believe that you hack into servers by misspelling words. Especially not "experts".

Another example: The letter also said that I "violated the Internet policy by signing onto a bunch of accounts without authorization". Incorrect. I said several times during that meeting, and at least once on the previous post, that I used my own account (which, by the way, no malicious hacker would ever do) to get where there was no security.

I conclude from this that a) the principal has a highly inaccurate idea of what I did, and b) either she didn't communicate at all well with her experts, or these are some astonishingly stupid "experts". I'm not sure which one it is...


Their reasoning seems to be:
1. I broke school rules.
2. Therefore, I must be punished.
3. We have to follow the rules here. (We who make the rules. Even when it's counterproductive to do so.)
4. Of COURSE it's serious, otherwise we wouldn't have called you in. (Of COURSE we called you in, otherwise it wouldn't be serious. Of COURSE we're good at circular logic.)
5. Therefore, I must be punished in an extremely serious manner.


My rebuttal:
1. Arguably, I did not in fact break any rules. They outlaw the following, according to the "binder reminder" thingy:
- Maliciously doing stuff. (At first I had good intentions, then I had neutral intentions. Never malicious.)
- Using unauthorized accounts. (As I've said, the only account I used was my own. I'm pretty sure that's legal.)
- Altering the system. (I technically used the system, not altered it. Hey, if they follow the letter of the law and not the spirit to punish me, then I can do the same to avoid punishment.)
- Disrupting the network. (The only disruption was them blocking me.)
From the other source of rules (a "computer contract" thingy):
- "Students may not break into computer systems or [stuff like that]..." (Again, I used my own account, and I don't know how to hack into systems.)
- "...nor may they attempt to bypass any security settings." (As before, if they use technicalities, then I can too. What I did depended on the fact that there WAS no security to bypass.)

2. No, you don't have to punish me. Think: Why do we lock up murderers? Two reasons.

One, they can't commit crimes while in jail. This doesn't apply for so many reasons it's not even unfunny: a) I could use my computer at home like I am right now, so that doesn't prevent me from doing anything. b) Now that I know they don't want help with their security system, I won't try to mess around in the first place. c) They blocked me, and I told them how to fix the remaining holes, so I physically couldn't do anything.

The other reason to punish people is to teach would-be criminals not to do it. Now that you've heard what I did and the punishment, what is that really going to do? If they punish people for helping them, what lessons are you actually going to learn (other than the obvious "The school is being bureaucratically evil and dumbassed")? I think it's less along the lines of "Don't commit computer crimes" (we already know that), more like "Don't help people unless they ask for it. Don't show boldness or confidence in your own decisions or any type of individuality. Just keep your head down and avoid rocking the boat." Since this whole effing COUNTRY was founded on the principle of disobeying unjust authority, and the school has an entire week devoted to "Random Acts of Kindness", I'd say this other reason also does not apply.

I fail to see why it's right for me to be punished in this way.

3. Firstly, that's a great example to set for your students. Obey the rules even when they don't make sense. Just do what you're told. That's the kind of reasoning that leads to "Sorry, Jews, but Mr. Hitler orders me to kill you." Secondly, since the principal is the highest authority in disciplinary matters, she does not, in fact, have to follow any orders. Thirdly, the rules don't actually specify this punishment.

Let's assume we do have to follow the rules to the letter, let's take a look at what they actually say.

"Punishment may range from revocation of internet privileges and/or computer privileges to really bad stuff like suspension."

It says nothing about how long the privileges may be revoked. So no, you are not required in any way to make it that bad.

4. Explain to me how something can be serious if it has no real-world effects, other than my getting bragging rights ("Look, my course page is weird!") and a temporary fright for the people who made the system (who then verified that I didn't and couldn't do anything serious). Especially if it takes twenty seconds, maximum, to add a line of code that says "Check whether he's actually logged in."

5. So, let's see what's left of their argument:
"I might have broken school rules. It would cause much harm and no good whatsoever to punish me. The punishment or lack thereof is completely up to the principal. And the infraction, by all intelligent standards, was not serious. Therefore, the principal should and must give me a very severe punishment."
I think that argument's absurdity speaks for itself.


To summarize: There is no reason - moral or legal - for me to be punished in this way. An error of this magnitude must be corrected. If students in general learn that nothing has been done about such injustice, then the school is likely to lose their trust, to some degree at least. That may sound like a threat, but it's more like a fact of life. The principal should be held responsible for her decisions, especially when one of the school's major buzzwords is "Responsibility", and the people under her jurisdiction have a right to know what's really happening. Such is one of the fundamental principles of democracy, and that's why I'm writing about it.

Just in case, I'm taking the precaution of using no names whatsoever, so they can't demand that I delete my blog. (sticks tongue out at them) If you want to aid my little campaign against injustice, I recommend telling people to read this and posting your poll comment. Can't hurt to be able to tell the principal "Either you're wrong, or [a bunch of people, including all the "experts"] are wrong. Which do you think is more likely?"

Poll question: Do you think their decision was correct? (Or, more accurately, "How incorrect would you say they are?")



UPDATE: You know what's so friggen ironic? A year later, they added a course catalog that does exactly what I was doing, minus the part that added me as a guest.

You make the judgment.

Let's take a hypothetical situation. Not really hypothetical, but bear with me.

Let's say I'm exploring the school's online system, looking for something I can do. At some point, it occurs to me how cool it would be if I found a security hole and helped the adults fix it. Using a bit of ingenuity, I figure out how to get to the blank page of a course that I'm not taking (I simply look at the address bar, find where it says "courseid=[numbers]", and enter a different number). I click around and find there is indeed something I can use without logging in. Specifically, a sort of private message board (called the "blackboard"), which only I and the teacher can see. I write something to the effect of "You got hacked! Well, not really. You'll be glad to know that a) I'm not trying to do anything bad, and b) your system is good enough that I (and everyone else) actually CAN'T do anything bad."

As an aside, I'm not even accessing anyone's accounts. I don't KNOW how to hack into people's accounts. (What, use mind-reading skillz to get their password?) I'm using my own account to get to where they didn't put up any security. So, arguably, I haven't technically broken a rule. Anyway, back to the story.

I then discover that leaving that post adds myself as a guest to that course. Not, you understand, to the actual class; just on the list shown on my student page. I try this a few more times, confirming this. Then I tell a few friends about it. They advise me to stop doing the above, because schools don't take kindly to hacking, even when it's harmless and/or done to help them. I use Google to find several instances of something like this happening: a kid finds a security hole, does a bit of tinkering to be sure about the details, tells the school, and gets suspended or something. Therefore, I conclude, I shouldn't even tell them about this little "hack" (if it can be called that, which I doubt), and I delete the message I wrote. However, I can't get the course off my course list. Since this "damage" has already been done - I can't fix that part of what I did - I decide it won't make a difference if I continue doing more of the same (in retrospect, that was probably a misjudgment).

Eventually, the school finds out. I'm called in to the principal's office, along with the webmaster. I immediately tell them everything I've done and why, and actually a bit more: where the hole hasn't been completely filled up. See, they've blocked my account from getting to those courses, but anyone else could still get there (in fact, I myself could log in as a guest and do that). So I help them fix that little bit as well.

So, here's the effect of my actions: My student page looks weird, because I suddenly have a bunch of extra courses; the administrators got temporarily freaked out, afraid I had actually gotten into their system (which, of course, I hadn't, couldn't, and wouldn't anyway); and their system, with a bit of help from me, has been improved.

Now, you decide: What punishment, if any, do you think I should get? I vote for the punishment "Getting a ten-minute lecture on why I shouldn't mess with stuff."

By the way, if you think I should be banned from the computers for a time, you should factor this into your decision: Both of my electives are computer classes. If, say, I get banned for a month, then I'll have to either make up a month's work at home (a total of 32 hours of class time), or change classes halfway through the semester.

Post your opinion in the comments page, if possible. Then examine part II, in which I tell you what they decided to do.

A Way to Nullify Irritatingly Small Change

According to a recent article, if memory serves (I'm too lazy to actually look up minor details like whether I'm correct), it now costs more money for the U.S. Treasury to produce a penny than the penny is actually worth.

Let's consider this: Is it actually worth the time to mess around with pennies? Let's say it takes 5 seconds to pick up a penny and put it somewhere like your wallet. If that were your job, you'd make (calculatory skillz...) $7.20 per hour. This is less than minimum wage. Therefore, it actually saves money to just leave the penny on the counter.

However, this solution loses you a bit of cash. Let's try to figure out how to keep your cents (if discarding sense, ha ha ha; that needed saying) without using pennies. How can you pay someone 1/5 of the smallest denomination possible, if we junkify pennies and just use nickels? Here's where you get to use your probability skillz (or lack thereof): What if you give someone a 1/5 chance that they win a nickel? The expected value of that is 1 cent. Idea!

Now, the question is, how can one make a really fast coinflip that both the customer and the cashier consider fair? If you put a randomization function into the cash register, the customer might get suspicious. Therefore, try this functional randomizer (repetition!).

Whenever someone doesn't feel like getting small change, he adds that amount to a display that counts unused change. If that amount exceeds 5 cents, then he gets a nickel and the count is reduced by 5. Otherwise, the counter remains in place for the next customer. This does indeed give you the right probability for getting a nickel, if you assume all numbers 0-4 are equally likely. In fact, this lets you customize your level of accuracy; if you don't give a cheese about anything less than a quarter, you can just not collect that. If enough people do this, then it speeds up cash transactions AND it gives you the right expected payoff. It seems to work for everyone. Skillziness!

Comment if you think this is brilliant or numbskulled, or if you have a suggestion. I can edit this thing to include your ideas...

Or mine. It just occurred to me: Couldn't someone exchange $10,000,000 for a billion pennies from the Treasury, then melt it all together and sell them the metal for $10,100,000 (or whatever the exact number is)? It'd be funny, at any rate...

To John's comment: By strategically waiting in line, you're getting yourself 4 cents, max. Not even that, in fact. Let's assume everyone else's purchases have randomly distributed costs (meaning, 0-4 extra cents is random). Letting someone go ahead of you when the counter is at 0 (the best case) is then going to get you, on average, 2 cents. If we use my "minimum wage" cost-effectiveness model, we find that line-waiting pays minimum wage when it takes less than 10 seconds for the person in front of you to do business. I don't recall it ever taking less than 30 seconds. So, no rational person would do that. Insane people could be doing far worse things than cheating you out of 4 cents. The possibility is therefore negligible.