Comment on Autograding tool
foggy@lemmy.world 2 days ago
Instead of that, simplify.
Use unique salts for each assignment per student.
Align hashes with those salts to check the outcome for each student's assignment.
Literally have them send you a CTF style sha256 string.
Do it step by step where each step doesn’t depend on the next, grade as a percentage of flags accurately procured.
dotdi@lemmy.world 1 day ago
Absolutely this. Even if you had fancy jails or docker setups for each submission, this will be a nightmare to properly handle. Students DOSing each other exactly before the submission deadline, too.
foggy@lemmy.world 1 day ago
I mean just for the love of God don’t spin up something on your company’s infrastructure that accepts file uploads.
Just don’t.
If you’re reading this and going “well, it’s just internal,” or “well, it doesn’t do much it just accepts this exact file type.” My god. Ask your CISA. And if they’re okay with it, cool. That’s on them.
Unless your whole business is transferring files, don’t.
And if you’re still confused, the answer is to use another company’s infrastructure for this. Use Azure. Use AWS. Use Google Cloud or even G Suite. Don’t accept that liability. Let the trillionaires do it.
planish@sh.itjust.works 16 hours ago
I mean if you put up an Internet-facing unauthenticated file acceptor it will quickly become stuffed with all sorts of garbage and aspiring malware. You definitely don’t want to hook that up to an untar and exec loop, even with some notion of sandboxing. It will just start mining Bitcoins or sending spam or something.
But if it is built properly, with only authorized users being able to upload stuff, and a basic understanding of not dropping stuff where the web server will happily execute every PHP web shell someone sticks in the slot, and the leverage to threaten people into not uploading pictures of their own or others’ butts or Iron Man (2009), I don’t see why all but the file-uploading professionals should immediately give up.
sugar_in_your_tea@sh.itjust.works 1 day ago
You can accept them on internal networks, just have a file size limit and don’t extract them locally, but send to some cloud service for handling. You could even have it work with email attachments if you want.
Basically:
foggy@lemmy.world 20 hours ago
My method eliminates waiting to see if your students' code runs fast enough. Unless complexity is part of the assignment, I’d still say go for the hash.
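The salted-flag grading described in foggy's comments, sketched as an added example (not code from any commenter): the grader only compares sha256 strings and never runs or stores student uploads. The HMAC-derived salt, the `salt:step:answer` flag layout, and all names and sample data are assumptions made for illustration.

```python
import hashlib
import hmac
import re

# Constructed placeholder; in practice a random secret kept on the grader only.
SERVER_SECRET = b"constructed-demo-secret"
FLAG_RE = re.compile(r"[0-9a-f]{64}")

def salt_for(student: str, assignment: str) -> str:
    """Per-student, per-assignment salt, derived so none need to be stored."""
    msg = f"{assignment}\x00{student}".encode()
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()[:32]

def flag(salt: str, step: str, answer: str) -> str:
    """What the student's own program prints for one step (assumed layout)."""
    return hashlib.sha256(f"{salt}:{step}:{answer.strip()}".encode()).hexdigest()

def grade(student: str, assignment: str, submitted: dict, answer_key: dict) -> float:
    """Percentage of steps whose submitted flag matches; steps are independent."""
    salt = salt_for(student, assignment)
    correct = 0
    for step, answer in answer_key.items():
        got = submitted.get(step)
        # Reject anything that is not a lowercase sha256 hex string.
        if not isinstance(got, str) or not FLAG_RE.fullmatch(got.strip()):
            continue
        if hmac.compare_digest(got.strip(), flag(salt, step, answer)):
            correct += 1
    return 100.0 * correct / len(answer_key)

# Constructed sample data.
ANSWER_KEY = {"step1": "42", "step2": "racecar", "step3": "3.14", "step4": "[1, 2, 3]"}

def demo() -> dict:
    alice = salt_for("alice", "hw3")
    bob = salt_for("bob", "hw3")
    alice_sub = {s: flag(alice, s, a) for s, a in ANSWER_KEY.items()}
    alice_sub["step3"] = flag(alice, "step3", "3.15")   # wrong answer
    alice_sub["step4"] = "not a hash"                   # malformed flag
    bob_copy = dict(alice_sub)                          # bob pastes alice's flags
    return {
        "alice": grade("alice", "hw3", alice_sub, ANSWER_KEY),
        "bob": grade("bob", "hw3", bob_copy, ANSWER_KEY),
        "bob_own": grade("bob", "hw3", {"step2": flag(bob, "step2", "racecar")}, ANSWER_KEY),
    }

if __name__ == "__main__":
    print(demo())
```

Because each student holds their own salt, a step whose answer comes from a small set of possibilities can be guessed offline, so this layout suits steps with answers that are hard to enumerate.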