Friday, 15 January 2010
More Links
In the list of project links to the right you will now find links to the presentation slides, the final report and a direct link to download the whole application (the WAR folder) bundled as a RAR archive. The slides and report are both hosted at Google Docs.
Math Empire - As seen by the admin
The admin can do the same things as the teacher, he can add exercises/tests and display statistics.
Admins can also manage user-types and empty the database.
User management:
The admins can decide if a user should become a student,teacher or an admin. Clicking radio-buttons and Save-button changes the user type of any user.
Empty the database:
If the admin gets bored of his nice little database, he can empty it... thus deleting all exercises and users.
The first user to create an account automatically receives an admin account. At the same time the database is filled with a standard set of exercises.
Admins can also manage user-types and empty the database.
User management:
The admins can decide if a user should become a student,teacher or an admin. Clicking radio-buttons and Save-button changes the user type of any user.
Empty the database:
If the admin gets bored of his nice little database, he can empty it... thus deleting all exercises and users.
The first user to create an account automatically receives an admin account. At the same time the database is filled with a standard set of exercises.
Math Empire - As seen by the teacher
The teacher has fewer options than the student. All he can do is to create tests and view statistics.
Test Creater:
The teacher can create tests, consisting of several different exercises with different parameters. The current version isn't that nice when it comes to usability, the syntax for creating tests is not as simple as it could be, but it works!
Test Creater can also be used to update the database with new possible exercises when a new exercise has been created and the code is recompiled.
Statistics:
I is possible to show statistics on exercises. Exercises that are only available to students can have their statistics printed. Statisitcs show up as a bar-graph where the result from 0-100 is shown on the X-axis. Y-axis is relative amount of students that have reached a specific score. Exercises that dont have any statistics stored on them just displays some random data.
Test Creater:
The teacher can create tests, consisting of several different exercises with different parameters. The current version isn't that nice when it comes to usability, the syntax for creating tests is not as simple as it could be, but it works!
Test Creater can also be used to update the database with new possible exercises when a new exercise has been created and the code is recompiled.
Statistics:
I is possible to show statistics on exercises. Exercises that are only available to students can have their statistics printed. Statisitcs show up as a bar-graph where the result from 0-100 is shown on the X-axis. Y-axis is relative amount of students that have reached a specific score. Exercises that dont have any statistics stored on them just displays some random data.
Monday, 11 January 2010
Math Empire - As seen by the student
This blogpost shows how our site looks for a student that wants to use our application.
First, when the student enters our site, he will be shown a login-window. He types in his username and password. If he already has an account, he will be logged in, like a usual web-page login, but if he is a new user, he will be forced to enter some additional information.
An old version of the the login-flowchart can bee seen in a previous post.
A sidebar with some buttons is shown to the user:
The user clicks on some button and an exercise is shown. He solves the exercise, clicks the submitbutton, and the exercise panel disappears. To do more exercises he just clicks on them. Some exercises are tests, which consists of several exercises within an exercise.
The sudoku exercise:
A test:
And finally, the text-exercise:
First, when the student enters our site, he will be shown a login-window. He types in his username and password. If he already has an account, he will be logged in, like a usual web-page login, but if he is a new user, he will be forced to enter some additional information.
An old version of the the login-flowchart can bee seen in a previous post.
A sidebar with some buttons is shown to the user:
The user clicks on some button and an exercise is shown. He solves the exercise, clicks the submitbutton, and the exercise panel disappears. To do more exercises he just clicks on them. Some exercises are tests, which consists of several exercises within an exercise.
The sudoku exercise:
A test:
And finally, the text-exercise:
Sunday, 10 January 2010
Security and MECHA: Math Empire Custom Hashing Algorithm
First, a word of caution: Do not try this at home (unless you absolutely have to)!
When it comes to security, it is a good idea to use existing open algorithms that have been hammered on by scientists and crypto-crackers over the years and not some randomly thrown together piece of obfuscated code that might be as insecure as clear text.
In our case, we store passwords, and these are best hashed. A good hashing algorithm to use is SHA1, and so we tried to go with that one. Unfortunately if we want to hash at the client side (side note: We are now using TLS encryption) GWT needs to be able to translate the code into JavaScript. GWT doesn't implement getBytes of String, and so the hashing didn't work. Last resort: Create a very simple crypto cipher or create a new odd hashing algorithm. MECHA is the result of following the last approach, created on the basis that it will be "good enough".
It is at least better than some trivial substitution cipher.
MECHA is a bit of security through obscurity, and technically probably is a block cipher with hash properties. It is destructive in a way to prevent recovery of the original message, and it doesn't just substitute the letters, in order to prevent frequency analysis. A hash has the potential (but very unlikely) problem of collissions, and so does MECHA, even though it does not output a string of fixed length. It's computer science magic.
So now kids can, after having tapped into the TLS stream, now get an additional mathematical challenge of cracking MECHA, but even if they do figure out the inner workings of the algorithm, they can't get the password. Try reconstructing a finger from a hash of a fingerprint.
When it comes to security, it is a good idea to use existing open algorithms that have been hammered on by scientists and crypto-crackers over the years and not some randomly thrown together piece of obfuscated code that might be as insecure as clear text.
In our case, we store passwords, and these are best hashed. A good hashing algorithm to use is SHA1, and so we tried to go with that one. Unfortunately if we want to hash at the client side (side note: We are now using TLS encryption) GWT needs to be able to translate the code into JavaScript. GWT doesn't implement getBytes of String, and so the hashing didn't work. Last resort: Create a very simple crypto cipher or create a new odd hashing algorithm. MECHA is the result of following the last approach, created on the basis that it will be "good enough".
It is at least better than some trivial substitution cipher.
MECHA is a bit of security through obscurity, and technically probably is a block cipher with hash properties. It is destructive in a way to prevent recovery of the original message, and it doesn't just substitute the letters, in order to prevent frequency analysis. A hash has the potential (but very unlikely) problem of collissions, and so does MECHA, even though it does not output a string of fixed length. It's computer science magic.
So now kids can, after having tapped into the TLS stream, now get an additional mathematical challenge of cracking MECHA, but even if they do figure out the inner workings of the algorithm, they can't get the password. Try reconstructing a finger from a hash of a fingerprint.
Saturday, 9 January 2010
Logging in
It is sometimes tricky to login to sites and service. To use our site, we have decided that users should log in. Then, the first thing a student would want to do, is to log in to his account - or to create an account. That iswe show the login screen first of all.
Logging in is convenient, and so is it to create an account. If the user wants to create an account, he simply enters a username and a password. If the username is available, more options appear on the screen, and all the new user has to do to complete the process is to enter a question and a secret answer to that question.
Logging in is convenient, and so is it to create an account. If the user wants to create an account, he simply enters a username and a password. If the username is available, more options appear on the screen, and all the new user has to do to complete the process is to enter a question and a secret answer to that question.
Figure shows the looks of the login-screen during login
Tuesday, 5 January 2010
Statistics
Statistics shows that improbable things happens, but just not very often..
Now our statistics works, and it will probably keep doing that... most likely.. at least to some extent.
However it is unlikely that peter will accept our current project, since we are likely to have one of the most unsafe user handling/login-systems ever seen this year. Admin as username and no password support is soooo -00.
Figure shows a randomized bar-graph over the results from one of our exercises.
Now our statistics works, and it will probably keep doing that... most likely.. at least to some extent.
However it is unlikely that peter will accept our current project, since we are likely to have one of the most unsafe user handling/login-systems ever seen this year. Admin as username and no password support is soooo -00.
Figure shows a randomized bar-graph over the results from one of our exercises.
Bringing Math Empire to the Next Decade
Some might argue that, since the calender actually starts from year 1, the decade change hasn't occured yet. I am not, however, going to pass up the opportunity to write about taking Math Empire into the next decade.
In the last decade, we made a site that works. This is a good starting point, but it needs to work according to certain requirements, which will be addressed in this recently arrived brand new decade. Statistics is under way, and soon we expect the site to have the required functionality so it can be used by anyone and run there by itself.
The project timespan is almost at an end, and I have started to sum everything up in a report; the first report of the decade. To celebrate the new decade, the report will contain some uncommon typographic glitches. No, this is not really intended, but Google Docs still has some things to learn when it comes to adhering to established typographical conventions.
In the last decade, we made a site that works. This is a good starting point, but it needs to work according to certain requirements, which will be addressed in this recently arrived brand new decade. Statistics is under way, and soon we expect the site to have the required functionality so it can be used by anyone and run there by itself.
The project timespan is almost at an end, and I have started to sum everything up in a report; the first report of the decade. To celebrate the new decade, the report will contain some uncommon typographic glitches. No, this is not really intended, but Google Docs still has some things to learn when it comes to adhering to established typographical conventions.
Monday, 4 January 2010
New Year - New Code
I´m back after the christmas holiday, it is time to get some coding done!
Currently I have added a statistics 'Exercise'. It can't draw any statistics yet, but without too much effort it will be able to. I have added server-side functions that allows the exercise to receive the statistics to print from the server. Although there is no such useful statistics-data available yet, since no exercises reports such information to the server at this point.
The statistics data shows the results on an exercise, it shows how many tries that have been made on that exercise, and how the users did. The statistics are completely anonymous, no individual results are stored.
Currently I have added a statistics 'Exercise'. It can't draw any statistics yet, but without too much effort it will be able to. I have added server-side functions that allows the exercise to receive the statistics to print from the server. Although there is no such useful statistics-data available yet, since no exercises reports such information to the server at this point.
The statistics data shows the results on an exercise, it shows how many tries that have been made on that exercise, and how the users did. The statistics are completely anonymous, no individual results are stored.
Subscribe to:
Posts (Atom)