Differences between revisions 1 and 2
Revision 1 as of 2006-01-11 23:14:59
Size: 1664
Editor: DavidAdam
Comment: Introduce the giant hack that is FlyingFish
Revision 2 as of 2006-01-11 23:28:26
Size: 2257
Comment: jellyfish
Line 16: Line 16:

== Jellyfish ==

At one point some students studying ["IntroductionToMechanicsAMEC1001"] (well, E101) discovered that one could press ? and enter and the answer would be revealed. This feature was originally intended for tutors to use, as they could bring up a ? button on the interface somehow, but it functioned by the input field instead of making a direct call. This has now been fixed.

Additionally, since it's client-side Java it's not too hard to disassemble it to reveal the algorithm used to generate the problem, which is often sufficient information to work out the answer.
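
Review bot: In the first added paragraph, "it functioned by the input field instead of making a direct call" is hard to parse; it should say plainly what the tutors' ? button did with the input field, so the reader can see why typing ? there had the same effect. "This has now been fixed" would also be more useful with a date or version, since the text gives neither.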

FlyingFish is the FacMedDent Internet curriculum delivery system, based on Jellyfish (see also ["Mallard"]). It was developed by KevinJudd and ProfessorStone from the School of Mathematics, and sold to half-a-dozen installations which are still online.

It runs on a Windows platform as a GUI-based server. It tends to be extremely unreliable under load, occasionally forgets that files exist, and has benefited from few developments in Web-serving technology since about 2000.

Careful use of Google's Internet caching mechanism has turned up a copy of [http://zanchey.ucc.asn.au/pub/flyingfish-docs.pdf the FlyingFish manual], which is entertaining to read.

== In FacMedDent ==

Each discipline (Medicine, Dentistry, Podiatry) has its own FlyingFish instance, and there is some evil hackery which allows a degree of collusion between the Med and Dent instances. There are also special-purpose instances set up for things like on-line supervised assessments (usually firewalled to the subnet of the MCL or wherever the test is being taken).

== Security ==

There are several known security and pseudo-security issues in FlyingFish, although none are exploitable as an anonymous user.

For example, issuing a bogus URL with ?CMD=Forum tacked on to the end will allow you to visit a bogus forum (whose name can be controlled by the URL submitted). Posting a message to this forum will result in it showing up on everyone's forum changes page. (Several people had their forum access revoked in mid-2005 for creating what The Powers That Be referred to as rogue fora. The term soon mutated to become slang for certain female genital infections.)

== Jellyfish ==

At one point some students studying ["IntroductionToMechanicsAMEC1001"] (well, E101) discovered that one could press ? and enter and the answer would be revealed. This feature was originally intended for tutors to use, as they could bring up a ? button on the interface somehow, but the button worked through the input field instead of making a direct call. This has now been fixed.

Additionally, since it's client-side Java it's not too hard to disassemble it to reveal the algorithm used to generate the problem, which is often sufficient information to work out the answer.
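
The in-band reveal described above, next to a version where reveal is a separate role-checked call. This is an added example, not Jellyfish's code; the class, method names, roles and sample problem are all assumptions.

```java
import java.util.Map;

public class AnswerReveal {
    enum Role { STUDENT, TUTOR }

    // Constructed sample answer key (assumption); meant to live server-side only.
    static final Map<String, String> ANSWERS = Map.of("q1", "9.81");

    // Pattern described above: the reveal command travels in-band through the
    // answer field, so anyone who can type into the field can trigger it.
    static String submitInBand(String problemId, String input) {
        if (input.equals("?")) {
            return "Answer: " + ANSWERS.get(problemId);
        }
        return input.trim().equals(ANSWERS.get(problemId)) ? "Correct" : "Incorrect";
    }

    // Hardened: the answer field only ever carries an answer, never a command.
    static String submit(String problemId, String input) {
        String expected = ANSWERS.get(problemId);
        if (expected == null) return "Unknown problem";
        return input.trim().equals(expected) ? "Correct" : "Incorrect";
    }

    // Hardened: reveal is a separate call, gated on the caller's role.
    static String reveal(Role caller, String problemId) {
        if (caller != Role.TUTOR) {
            throw new SecurityException("reveal requires tutor role");
        }
        String expected = ANSWERS.get(problemId);
        if (expected == null) throw new IllegalArgumentException("unknown problem");
        return expected;
    }

    public static void main(String[] args) {
        System.out.println(submitInBand("q1", "?"));   // in-band command leaks the answer
        System.out.println(submit("q1", "?"));         // treated as an ordinary wrong answer
        System.out.println(submit("q1", "9.81"));
        System.out.println(reveal(Role.TUTOR, "q1"));
        try {
            reveal(Role.STUDENT, "q1");
        } catch (SecurityException e) {
            System.out.println("Denied: " + e.getMessage());
        }
    }
}
```

Keeping the answer key and the grading on the server also covers the second point: a disassembled client then contains nothing from which the answer can be worked out.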