[boud]

Up

0

Down

::

Pour ceux qui le trouvent plus facile d’éditer wims.conf directement,
la doc dans public_html/modules/adm/manage/confdata.(en|fr) dit

:graphics default_texposition
 Default formula position / MathML
 choice
 0,1,2; low,high,MathML

Ce qui dans log/wims.conf devient default_texposition=2 si on
choisit le MathML comme valeur par défaut.

PS: Le MathML est de loin plus joli, et sans doute plus léger,
que les images ! 🙂

• Cette réponse a été modifiée le il y a 7 années et 3 mois par boud. Raison: postscriptum
• Cette réponse a été modifiée le il y a 7 années et 3 mois par boud. Raison: singulier/pluriel

[boud]

Up

0

Down

::

So blocking underscores is definitely a security feature!
Just to check,

\text{escapetolisp = maxima(to_lisp();)}

\statement{Repondre a la question svp.<br />
escapetolisp = \escapetolisp}

in an oef source gives

Repondre a la question svp.
escapetolisp = toklisp()

So to_lisp is disabled.

I suspect that eval_string probably should remain disabled too – as it
is at the moment with underscores being replaced by « K » (which then becomes
« k »). The « ? » escape to lisp leads to a rapid exit(1):
https://subversion.renater.fr/wimsdev/trunk/wims/src/Interfaces/maxima.c

[boud]

Up

0

Down

::

Julien – les fichiers placés directement dans le repertoire
scripts/anstype/ sont bien lus. La non-lecture des fichiers dans
log/classes/1234/ est peut-être pour des raisons de sécurité, ou
peut-être c’est une particularité des droits d’accès ou de chemin
dans mon installation de wims.

Joke – I agree – the range and precision parameters should be able to
reduce the chance of a wrong function being marked correct to a very
small value – my guess is a probability of around 1e-15 or so. Since
the error is in favour of the student, this should be a safe error margin. 🙂

However, a warning: something in an anstype file of the form `!exec
maxima some_operation_A(reply$i) = …` is likely to fail if the
maxima operation literally contains underscores. I don’t know if this
is a bug or a security feature. Further discussion would probably best
go at
https://wimsedu.info/?topic=caratere-underscore-dans-maxima
and if the consensus is that it’s a bug, then probably it should be
filed at https://sourcesup.renater.fr/scm/?group_id=379 (Maybe an
exception to the « refuse underscores » rule could be made for maxima
built-in functions, that are trusted to be safe? or a wims parameter
that lists allowable maxima functions whose symbols include
underscores could be definable in wims.conf?)

Thanks to both of you for the fast responses.

[boud]

Up

0

Down

::

Cette substitution d’un underscore par un « K » est toujours présent
dans la version actuelle de https://subversion.renater.fr/wimsdev/trunk/wims/src/Interfaces/maxima.c:

* check for security violations in command string */
void check_parm(char *pm)
{
    char *s, *pp;
    int l;
/* Underscore replacement */
    for(pp=strchr(pm,'_'); pp!=NULL; pp=strchr(pp+1,'_')) *pp='K';
/* '?' escapes to Lisp commands. */
    if(strchr(pm,'?')!=NULL) {
        fprintf(stderr,"Illegal under WIMS.\n"); exit(1);
    }
    for(s=pm;*s;s++) *s=tolower(*s);
    strip_trailing_spaces(pm); l=strlen(pm);
    if(l>0 && pm[l-1]!=';') strcat(pm,";");
    find_illegal(pm);
}

Elle me gêne aussi (je souhaiterais utiliser quad_gaqs dans
maxima). Je ne connais pas suffisamment maxima pour savoir si l’underscore
est réellement une source d’exploits de sécurité.

J’ai essayé (sans succès) le hack suivant. J’ai créé le fichier
~<wimsuser>/.maxima/maxima-init.mac
avec le contenu
powerkmod(a,n,m):=power_mod(a,n,m);
où <wimsuser> est l’utilisateur wims, par ex. wims.

Pour un utilisateur ordinaire avec un fichier identique ~/.maxima/maxima-init.mac,
l’on pourrait ainsi utiliser la fonction powerkmod comme alias de power_mod.

Mais l’appel de wims à maxima ne semble pas lire le fichier ~/.maxima/maxima-init.mac.

Deux questions, donc :

L’underscore est-il un danger pour faire un exploit dans maxima ? (Il est évident
qu’il ouvre accès à un plus grand nombre de fonctions dans maxima.)

Y a-t-il un workaround temporaire pour ceux qui veulent utiliser les fonctions avec un underscore dans
maxima appelé par wims, tout en acceptant ce risque (inconnu) ?

• Cette réponse a été modifiée le il y a 11 années et 1 mois par boud. Raison: anchor
• Cette réponse a été modifiée le il y a 11 années et 1 mois par boud. Raison: peut-etre les urls sont desactives ? c'est pas grave
• Cette réponse a été modifiée le il y a 11 années et 1 mois par boud. Raison: plus elegant
• Cette réponse a été modifiée le il y a 11 années et 1 mois par boud. Raison: ou

[boud]

Up

0

Down

::

Julien – c’est sur un serveur local (debian/squeeze wims-4.00-4 + patch pour
bug #8408), dans un répertoire pour « prof visiteur » [je trouve ça toujours
le plus simple à gérer], c.a.d.
log/classes/1234/
qui contient

ls -F
anstype/  content.html	doc/	Exindex   exostat   livret/	 score/    sheets/  supervisor	vote/
cdt/	  def/		exams/  Extitles  forum/     noscore/  scoreavg  src/     version

Wims et apache ont le droit de lecture de anstype/, anstype/algexpmynewname et
anstype/algexpmynewname.input (et d’execution de anstype/).

Un problème de droits d’accès me semble envisageable, mais je ne vois
pas où exactement. Faut-il le droit d’écrire des fichiers temporaires qq part ?
Ou peut-être c’est une erreur de chemin ?

Joke – thanks for helping me read the source – in that case I think
I’ll use type=function explicitly. The evaluation method for functions
does not constitute a serious mathematical proof that two expressions
are equal, but for practical purposes in « ordinary » physics (no Dirac
delta functions, Cantor functions, etc.) it may well be enough.

In that case – this is just wondering aloud – what are the chances of
either incorrectly marking a wrong answer to be correct or a right answer
to be wrong?

Continuing with my question 1 bis, I can get a « wrong » answer (one or more
terms of Taylor expansion at t=0) to be marked nearly correct or fully
correct if the precision is not too strict and if the range is close
to zero:

\precision{100000}
\range{0.001..0.1}

…
\answer{1. La reponse ?}{\theanswer}{type=function}

2/t  	  bad precision, the correct answer is cos(t/8)/(4*sin(t/8)).
You have got a score of 7.2 on 10. 
2/t - t/96  	  good answer.

I didn’t manage to create an example where the right answer is marked
wrong, without any warning of an error in the script. In principle,
requiring a precision of 1e-16 for double precision calculations
should give different answers when calculating something in one step
versus many steps with uncorrelated least significant bit errors.

I had never thought of this sort of numerical checking to be anything
more than a hack before, but the chance of it failing either way are
probably low for « reasonable » practical cases, as long as the author(s)
of the exercise do not forget the nature of the algorithm. Good :).

[boud]

Up

0

Down

::

Thanks for the hints – I have no objections to integrating some
« native WIMS » with OEF – provided that I understand how to set up the
files and paths, etc. I found that {type=algexp} in my oef script
refers to files located at

scripts/anstype/algexp
scripts/anstype/algexp.input

I copied these two files to a directory anstype/ in the
directory for this class, and renamed them. I don’t seem to
be able to get the OEF system to read them using {type=algexpmynewname}.

However, I removed {type=…} totally, and now seem to have a hack
that works: let WIMS/OEF decide itself what the type is (i.e. use a default
type). Thus, now I have for the following OEF source file:

\title{example 3 pour rapport de bug}
\computeanswer{no}
\format{html}
\precision{1000}

\text{question= maxima(diff((sin(t/8))^2,t)/(sin(t/8))^2;)}

\text{theanswer= maxima( \question, expand;)}

\statement{Repondre a la question svp.}

\answer{1. La reponse ?}{\theanswer}

examples of correct answers:

cos(t/8)/(4*sin(t/8))  	  good answer.
 1/4 * cot(t/8)  	  good answer.
 1/4 /tan(t/8)  	  good answer.
 0.25/tan(t/8)  	  good answer.
 cot(0.125*t)/4  	  good answer.

examples of wrong answers:

1 /tan(t/8)  	  bad answer, the correct answer is cos(t/8)/(4*sin(t/8)).
cos(t/8)  	  bad answer, the correct answer is cos(t/8)/(4*sin(t/8)).
 sin(t)  	  bad answer, the correct answer is cos(t/8)/(4*sin(t/8)).

So far it seems that the default answer type for oef answers is just what I
was looking for – no need for any extra calls to maxima. 🙂 (Maybe the wims
scripts already do this by default?)

Replacing the answer line by

\answer{1. La reponse ?}{\theanswer}{type=default}

gives identical results.

• Cette réponse a été modifiée le il y a 11 années et 1 mois par boud. Raison: syntax

[boud]

Up

0

Down

::

To illustrate this point further, I modified question 1 to:

\text{question= maxima(diff((sin(t/8))^2,t)/(sin(t/8))^2;)}

The following two answers (which in reality are correct) are
interpreted as wrongly written, or wrong, respectively:

0.25 *cos(t/8)/sin(t/8)
is not written as required. Please rewrite it in the correct form.

0.25*cot(0.125*t) bad answer, the correct answer is cos(t/8)/(4*sin(t/8)).

Introducing more correct answers by applying
maxima(float(…);) to each of the existing correct answers and
adding these new ones to the list can, again, allow these two specific
examples to be accepted as correct. But then 0.25*cot(t/8) requires
float to be applied before trigreduce. I don’t see how a more complex
question can have a reasonably short list of correct answers rather
than growing longer factorially.

[boud]

Up

0

Down

::

Thank you for the suggestions. One of them helps for one of these two
specific examples, and I found a maxima hack for the second, though
the main problem – can we run maxima on the answers? – remains. My
patch compared to my post above is:

@@ -18,5 +18,8 @@
 \text{theanswerfactor=maxima(\theanswer,factor;)}
 \text{theanswertrigreduce=maxima(trigreduce(\theanswer);)}
 \text{theanswerfactortrigreduce=maxima(trigreduce(\theanswerfactor);)}
+\text{theanswerfactorfloat=maxima(float(\theanswerfactor);)}
+\text{theanswerletsimp = maxima((matchdeclare(a,true), letrat: true, let(cos(a)/sin(a),1/tan(a)), letsimp(\theanswer));)}
 \statement{Repondre a la question blabla.}
-\answer{1. La reponse ?}{\theanswer,\theanswerfactor,\theanswertrigreduce,\theanswerfactortrigreduce}{type=algexp}
+\answer{1. La reponse ?}{\theanswer,\theanswerfactor,\theanswertrigreduce,\theanswerfactortrigreduce,\theanswerfactorfloat,\theanswerletsimp}{type=algexp}

So 0.7/t is now accepted as a correct answer for question 1, using the
5th correct answer in the list of correct answers. The tan simplification
(ignoring cot) is obtained by telling maxima how to simplify to tan and
saying nothing about cot, so the 6th correct answer now works for question 2.

But these are just specific hacks for rather simple expressions. The
problem for more complicated problems remains: algebraic and
trigonometric simplification are not the main skill being tested. The main
question is whether the student can express physical problems mathematically
and simplify them to a reasonable degree, without pedantry. With these quite
simple examples there’s already a list of 6 different valid answers. Preparing
a list of e.g. 120 valid answers would be impractical.

Can we apply maxima to the answer provided by the student (instead of
having to generate a list of valid answers)?

(PS: trigrat is available in maxima-5.21.1, though it doesn’t help.
Here is my maxima version:

dpkg -l |egrep " maxima( |-share)"
ii  maxima                                   5.21.1-2squeeze                          A computer algebra system -- base system
ii  maxima-share                             5.21.1-2squeeze                          A computer algebra system -- extra code

)

• Cette réponse a été modifiée le il y a 11 années et 1 mois par boud. Raison: trigrat and maxima version

[Auteur]

Messages