Let's take a hypothetical situation. Not really hypothetical, but bear with me.
Let's say I'm exploring the school's online system, looking for something I can do. At some point, it occurs to me how cool it would be if I found a security hole and helped the adults fix it. Using a bit of ingenuity, I figure out how to get to the blank page of a course that I'm not taking (I simply look at the address bar, find where it says "courseid=[numbers]", and enter a different number). I click around and find there is indeed something I can use without logging in. Specifically, a sort of private message board (called the "blackboard"), which only I and the teacher can see. I write something to the effect of "You got hacked! Well, not really. You'll be glad to know that a) I'm not trying to do anything bad, and b) your system is good enough that I (and everyone else) actually CAN'T do anything bad."
As an aside, I'm not even accessing anyone's accounts. I don't KNOW how to hack into people's accounts. (What, use mind-reading skillz to get their password?) I'm using my own account to get to where they didn't put up any security. So, arguably, I haven't technically broken a rule. Anyway, back to the story.
I then discover that leaving that post adds myself as a guest to that course. Not, you understand, to the actual class; just on the list shown on my student page. I try this a few more times, confirming this. Then I tell a few friends about it. They advise me to stop doing the above, because schools don't take kindly to hacking, even when it's harmless and/or done to help them. I use Google to find several instances of something like this happening: a kid finds a security hole, does a bit of tinkering to be sure about the details, tells the school, and gets suspended or something. Therefore, I conclude, I shouldn't even tell them about this little "hack" (if it can be called that, which I doubt), and I delete the message I wrote. However, I can't get the course off my course list. Since this "damage" has already been done - I can't fix that part of what I did - I decide it won't make a difference if I continue doing more of the same (in retrospect, that was probably a misjudgment).
Eventually, the school finds out. I'm called in to the principal's office, along with the webmaster. I immediately tell them everything I've done and why, and actually a bit more: where the hole hasn't been completely filled up. See, they've blocked my account from getting to those courses, but anyone else could still get there (in fact, I myself could log in as a guest and do that). So I help them fix that little bit as well.
So, here's the effect of my actions: My student page looks weird, because I suddenly have a bunch of extra courses; the administrators got temporarily freaked out, afraid I had actually gotten into their system (which, of course, I hadn't, couldn't, and wouldn't anyway); and their system, with a bit of help from me, has been improved.
Now, you decide: What punishment, if any, do you think I should get? I vote for the punishment "Getting a ten-minute lecture on why I shouldn't mess with stuff."
By the way, if you think I should be banned from the computers for a time, you should factor this into your decision: Both of my electives are computer classes. If, say, I get banned for a month, then I'll have to either make up a month's work at home (a total of 32 hours of class time), or change classes halfway through the semester.
Post your opinion in the comments page, if possible. Then examine part II, in which I tell you what they decided to do.
Tuesday, September 26, 2006
Friday, September 01, 2006
A Way to Nullify Irritatingly Small Change
According to a recent article, if memory serves (I'm too lazy to actually look up minor details like whether I'm correct), it now costs more money for the U.S. Treasury to produce a penny than the penny is actually worth.
Let's consider this: Is it actually worth the time to mess around with pennies? Let's say it takes 5 seconds to pick up a penny and put it somewhere like your wallet. If that were your job, you'd make (calculatory skillz...) $7.20 per hour. This is less than minimum wage. Therefore, it actually saves money to just leave the penny on the counter.
However, this solution loses you a bit of cash. Let's try to figure out how to keep your cents (if discarding sense, ha ha ha; that needed saying) without using pennies. How can you pay someone 1/5 of the smallest denomination possible, if we junkify pennies and just use nickels? Here's where you get to use your probability skillz (or lack thereof): What if you give someone a 1/5 chance that they win a nickel? The expected value of that is 1 cent. Idea!
Now, the question is, how can one make a really fast coinflip that both the customer and the cashier consider fair? If you put a randomization function into the cash register, the customer might get suspicious. Therefore, try this functional randomizer (repetition!).
Whenever someone doesn't feel like getting small change, he adds that amount to a display that counts unused change. If that amount exceeds 5 cents, then he gets a nickel and the count is reduced by 5. Otherwise, the counter remains in place for the next customer. This does indeed give you the right probability for getting a nickel, if you assume all numbers 0-4 are equally likely. In fact, this lets you customize your level of accuracy; if you don't give a cheese about anything less than a quarter, you can just not collect that. If enough people do this, then it speeds up cash transactions AND it gives you the right expected payoff. It seems to work for everyone. Skillziness!
Comment if you think this is brilliant or numbskulled, or if you have a suggestion. I can edit this thing to include your ideas...
Or mine. It just occurred to me: Couldn't someone exchange $10,000,000 for a billion pennies from the Treasury, then melt it all together and sell them the metal for $10,100,000 (or whatever the exact number is)? It'd be funny, at any rate...
To John's comment: By strategically waiting in line, you're getting yourself 4 cents, max. Not even that, in fact. Let's assume everyone else's purchases have randomly distributed costs (meaning, 0-4 extra cents is random). Letting someone go ahead of you when the counter is at 0 (the best case) is then going to get you, on average, 2 cents. If we use my "minimum wage" cost-effectiveness model, we find that line-waiting pays minimum wage when it takes less than 10 seconds for the person in front of you to do business. I don't recall it ever taking less than 30 seconds. So, no rational person would do that. Insane people could be doing far worse things than cheating you out of 4 cents. The possibility is therefore negligible.
Let's consider this: Is it actually worth the time to mess around with pennies? Let's say it takes 5 seconds to pick up a penny and put it somewhere like your wallet. If that were your job, you'd make (calculatory skillz...) $7.20 per hour. This is less than minimum wage. Therefore, it actually saves money to just leave the penny on the counter.
However, this solution loses you a bit of cash. Let's try to figure out how to keep your cents (if discarding sense, ha ha ha; that needed saying) without using pennies. How can you pay someone 1/5 of the smallest denomination possible, if we junkify pennies and just use nickels? Here's where you get to use your probability skillz (or lack thereof): What if you give someone a 1/5 chance that they win a nickel? The expected value of that is 1 cent. Idea!
Now, the question is, how can one make a really fast coinflip that both the customer and the cashier consider fair? If you put a randomization function into the cash register, the customer might get suspicious. Therefore, try this functional randomizer (repetition!).
Whenever someone doesn't feel like getting small change, he adds that amount to a display that counts unused change. If that amount exceeds 5 cents, then he gets a nickel and the count is reduced by 5. Otherwise, the counter remains in place for the next customer. This does indeed give you the right probability for getting a nickel, if you assume all numbers 0-4 are equally likely. In fact, this lets you customize your level of accuracy; if you don't give a cheese about anything less than a quarter, you can just not collect that. If enough people do this, then it speeds up cash transactions AND it gives you the right expected payoff. It seems to work for everyone. Skillziness!
Comment if you think this is brilliant or numbskulled, or if you have a suggestion. I can edit this thing to include your ideas...
Or mine. It just occurred to me: Couldn't someone exchange $10,000,000 for a billion pennies from the Treasury, then melt it all together and sell them the metal for $10,100,000 (or whatever the exact number is)? It'd be funny, at any rate...
To John's comment: By strategically waiting in line, you're getting yourself 4 cents, max. Not even that, in fact. Let's assume everyone else's purchases have randomly distributed costs (meaning, 0-4 extra cents is random). Letting someone go ahead of you when the counter is at 0 (the best case) is then going to get you, on average, 2 cents. If we use my "minimum wage" cost-effectiveness model, we find that line-waiting pays minimum wage when it takes less than 10 seconds for the person in front of you to do business. I don't recall it ever taking less than 30 seconds. So, no rational person would do that. Insane people could be doing far worse things than cheating you out of 4 cents. The possibility is therefore negligible.
Subscribe to:
Posts (Atom)