Hi All,
Have a look at this:
http://www.justanswer.com/questions/2jqzf-https-webwork-math-nau-edu
What's interesting is that the student provides a link to the hardcopy of his homework assignment:
https://webwork.math.nau.edu/webwork2_course_files/JNeuberger_136/tmp/hardcopy/JNeuberger_136.ama273.ww6.pdf
It's interesting that (a) the student(s) have learned that this works and (b) the link above *still* works for me.
Jason
My guess is that the temporary files are only emptied on server reboot, or a manual cleanup by the sysadmin. Is this correct, someone in the know?
If so, that makes working against this kind of cheating somewhat difficult.
If so, that makes working against this kind of cheating somewhat difficult.
Even if you did remove the temporary pdf file soon after it's created, it would be easy enough to save it somewhere else and attach it to a question posted to a math help website.
Webwork is vulnerable to the same kind of cheating as any homework. Any student who is determined/desperate enough can find someone to do their HW for them. In the days of Wolfram Alpha, they don't even need a live person to help them. Such students probably won't perform too well on exams.
Imre
Webwork is vulnerable to the same kind of cheating as any homework. Any student who is determined/desperate enough can find someone to do their HW for them. In the days of Wolfram Alpha, they don't even need a live person to help them. Such students probably won't perform too well on exams.
Imre
Or is this behavior intentional? I know when an instructor is emailed, it includes a link to the problem. We need to make sure that all problems are secured. I can only assume as WebWork's profile has increased the desire of students to break into it has increased.
I'm not sure if I see the WeBWorK-specific vulnerability.
Any homework assignment is vulnerable to having someone "cheat" on the assignment. Regardless of how "secure" WeBWorK is, a student can save the hardcopy pdf and email that to someone to ask them to solve the problems for them.
Similarly, if a student is assigned 20 problems out of Stewart, they can email for help on those problems as well.
And frankly, I don't see a crisis in either situation. I think homework is a teaching tool. I assign homework problems so that students will use those problems both to understand the material and to learn how to do similar problems.
A student who "cheats" is then bound to do badly on exams. (If he or she somehow does well on exams after having someone else do his or her homework, then either he has learned the material another way, which is fine, or he is cheating on the exam, which is another issue).
I do think it is important to make sure that a student who does homework well but bombs exams can't end up doing well in a course. My preferred solution has always been to grade and assign credit for homework (which encourages students to do it) but not more than 20-30 percent of the total course credit.
Hal
Any homework assignment is vulnerable to having someone "cheat" on the assignment. Regardless of how "secure" WeBWorK is, a student can save the hardcopy pdf and email that to someone to ask them to solve the problems for them.
Similarly, if a student is assigned 20 problems out of Stewart, they can email for help on those problems as well.
And frankly, I don't see a crisis in either situation. I think homework is a teaching tool. I assign homework problems so that students will use those problems both to understand the material and to learn how to do similar problems.
A student who "cheats" is then bound to do badly on exams. (If he or she somehow does well on exams after having someone else do his or her homework, then either he has learned the material another way, which is fine, or he is cheating on the exam, which is another issue).
I do think it is important to make sure that a student who does homework well but bombs exams can't end up doing well in a course. My preferred solution has always been to grade and assign credit for homework (which encourages students to do it) but not more than 20-30 percent of the total course credit.
Hal
Wonderful! First cramster.com compromises using textbook problems. Now this site compromises WeBWorK.
The conclusion I'm drawing: don't grade homework at all. (Collect and correct/comment upon it if desired, just don't give credit for it.) Actually, that's the way things were when I was an undergraduate math major. We were assigned homework, of course, but the only thing that "counted" were the exams -- where cramster and kin were not available. (Of course as cellphones become more miniaturized....)
The conclusion I'm drawing: don't grade homework at all. (Collect and correct/comment upon it if desired, just don't give credit for it.) Actually, that's the way things were when I was an undergraduate math major. We were assigned homework, of course, but the only thing that "counted" were the exams -- where cramster and kin were not available. (Of course as cellphones become more miniaturized....)
When I don't grade homework my students don't solve it and they do more poorly on the exams. They need constant pressure.
Of course we cannot even even check who solves the homework: the student or someone else, and I heard of people making a business out of solving the homework of others.
I see one or two students in each of my classes who do good on homework but but bad on exams. In the majority of cases I see good correlation between homework performance and exam performance.
I don't see this as a high level security risk in WeBWorK.
Andras
Of course we cannot even even check who solves the homework: the student or someone else, and I heard of people making a business out of solving the homework of others.
I see one or two students in each of my classes who do good on homework but but bad on exams. In the majority of cases I see good correlation between homework performance and exam performance.
I don't see this as a high level security risk in WeBWorK.
Andras
Mainly I was surprised that this was such a direct and brazen example of cheating. (For other examples, type "webwork" into Yahoo Answers.)
I agree that students who cheat will get what they deserve, but I would be a little uncomfortable with providing convenient hosting for it. ;) (Our installation is behind a firewall and the students students can't repeat this particular example.)
Also, I guess I didn't expect the hardcopies to stick around. But you can find (and delete) them in the file manager via html -> tmp -> hardcopies. Or, as Xiong suggested, ask the sys admin to have them deleted periodically.
My (non-expert) impression is that for this to be a security problem, someone would have had to have messed up the directory permissions during installation or at some other point. But, as a technical issue, do the hardcopies have to be world-readable? It might not be worth the effort, but another way to prevent this particular example of cheating would be to use something like pdftk to encrypt the pdf with the user's student id number (assuming the students don't want to give out their id numbers.)
Jason
I agree that students who cheat will get what they deserve, but I would be a little uncomfortable with providing convenient hosting for it. ;) (Our installation is behind a firewall and the students students can't repeat this particular example.)
Also, I guess I didn't expect the hardcopies to stick around. But you can find (and delete) them in the file manager via html -> tmp -> hardcopies. Or, as Xiong suggested, ask the sys admin to have them deleted periodically.
My (non-expert) impression is that for this to be a security problem, someone would have had to have messed up the directory permissions during installation or at some other point. But, as a technical issue, do the hardcopies have to be world-readable? It might not be worth the effort, but another way to prevent this particular example of cheating would be to use something like pdftk to encrypt the pdf with the user's student id number (assuming the students don't want to give out their id numbers.)
Jason
The solution that you're after is similar to a Powerlink I have from Blackboard to our digital repository where the VLE fetches the content from the repository and serves it to the user in an authenticated session. This means that the user never sees a URL that they can paste into a forum and has to do the extra steps of saving the document and uploading it. In our case, this protects us from accusations of copyright infringement.
WebWork could accomplish this fairly easily by creating the hardcopy filename as an MD5 hash of the user, class and set in the tmp directory and then serving the file out as a stream to the browser.
As for aggressive tackling of the cheating issue, creating a hidden tag in the PDF that Google could pick out along with an automated script that checks for those tags every week. Once found, you have your option of giving the student 0 or issuing a DMCA takedown notice and filing suit for copyright infringement if it happens to be a problem you've authored.
Boyd
WebWork could accomplish this fairly easily by creating the hardcopy filename as an MD5 hash of the user, class and set in the tmp directory and then serving the file out as a stream to the browser.
As for aggressive tackling of the cheating issue, creating a hidden tag in the PDF that Google could pick out along with an automated script that checks for those tags every week. Once found, you have your option of giving the student 0 or issuing a DMCA takedown notice and filing suit for copyright infringement if it happens to be a problem you've authored.
Boyd
One of the things I really like about webwork is that it has given me a way to interact with weaker students that "suggested" problems do not. In particular our weaker students generally not work very hard on problems that are not graded.
Our students use TI-89's, which will integrate and differentiate. I just spent a fair amount of time coding problems where the student must show all the steps so that they cannot just use their calculators.
Doing a search at wolfram|alpha on x^2*sin(x), it will show you step by step how to differentiate and integrate this function. Our students know about this site, you can't hide anything from them. My fear is not about cheating on the webwork, we have exams. My fear is that the very students that I see webwork having the most benefit for are the students that will most likely abuse this site.
As their database expands it would not be shocking to see some of the more common word problems from calculus make its way into their database. Maybe I'm being too pessimistic, the end of the term tends to do that :)
Our students use TI-89's, which will integrate and differentiate. I just spent a fair amount of time coding problems where the student must show all the steps so that they cannot just use their calculators.
Doing a search at wolfram|alpha on x^2*sin(x), it will show you step by step how to differentiate and integrate this function. Our students know about this site, you can't hide anything from them. My fear is not about cheating on the webwork, we have exams. My fear is that the very students that I see webwork having the most benefit for are the students that will most likely abuse this site.
As their database expands it would not be shocking to see some of the more common word problems from calculus make its way into their database. Maybe I'm being too pessimistic, the end of the term tends to do that :)
And then there are resources like cramster.com, which provide (often for a fee) complete, often correct, solutions to all the textbook's problems.
All this reinforces an old question: are we really teaching what ought to be taught? Why should we be teaching—at least to the extent common in so many courses—the "subhuman" pencil-pushing symbolic manipulation skills that seem to saturate the content?
One answer: A course that does otherwise—that concentrates upon actual intellectual content (motivation by means of real-world situations of actual interest to students and other humans; understanding, and by that I do not necessarily mean rigor; and genuine applications rather than the made-up pseudo-applications that permeate all too many courses)—can readily turn out to be much too sophisticated for many students. Or at least such a course requires a completely new approach to learning by students accustomed to the traditional approach of mindlessly calculating.
We're trapped, in a way!
[end rant]
All this reinforces an old question: are we really teaching what ought to be taught? Why should we be teaching—at least to the extent common in so many courses—the "subhuman" pencil-pushing symbolic manipulation skills that seem to saturate the content?
One answer: A course that does otherwise—that concentrates upon actual intellectual content (motivation by means of real-world situations of actual interest to students and other humans; understanding, and by that I do not necessarily mean rigor; and genuine applications rather than the made-up pseudo-applications that permeate all too many courses)—can readily turn out to be much too sophisticated for many students. Or at least such a course requires a completely new approach to learning by students accustomed to the traditional approach of mindlessly calculating.
We're trapped, in a way!
[end rant]