Computer Science Teacher
Computer Science Teacher - Thoughts and Information from Alfred Thompson

November, 2006

  • Computer Science Teacher - Thoughts and Information from Alfred Thompson

    Just Add Imagination


    I met a 12-year old programmer yesterday. He was on a field trip to the Microsoft Technology Center in Chicago with his middle school. He'd brought a USB storage stick with a program he'd written on it to show us. What he had written was a very cool web browser. He told me it included about 20,000 lines of C# code.

    He demonstrated the program for the group and I have to say he impressed a lot of people. This web browser had the features you would expect such as tabbed browsing but it had a lot of features I'd never thought about. For example it was a simple menu option to have the program look up the ownership of a domain using whois. And there were other options to get other bits of information about the web site as well. Frankly there was too much to see in a short period of time for me to absorb it all. I gave him my card and asked him to email me. Frankly I want to try his program out for myself. I also want to know more about how he did it as well.

    There were a couple of messages I took from this experience. One key message was that young students are very capable of thinking outside the box. They are quite adept at looking at a tool (in this case C# and the .NET Framework) and putting the pieces together in new and interesting ways. Another is that Visual Studio and the objects in the .NET Framework clearly make a lot of things easier to include in a program than ever before. This student was taking full advantage of them and had created a very powerful application.  The combination of opportunity, the right tools and a young, energetic creative mind is a very wonderful and powerful thing.

    I just wish we could introduce programming to more young students. This student is 12 but has already been programming for three years. Bill Gates started programming when he was 13 so this young student has a four year head start. Just imagine the possibilities.

    {Note: I have a brief follow up on this student posted as he enters high school.]

    [Note to Digg readers - please look around and read more of my blog. I'm glad you stopped by.]

  • Computer Science Teacher - Thoughts and Information from Alfred Thompson

    How to break into and destroy someone's database!


    OK did that title get your attention? I suspect that if one started a classroom discussion with "How would you like to break someone's online database?" one would get the full attention of every student in the room. Well the fact is that doing this is far more simple than many people would imagine.

    Joel Spolsky (at Joel on Software) has a great description of an SQL Injection Attack. The short version is that many web pages, and even some desktop applications, assume that they user is only going to send them good data. In this case "good" means data that isn't going to do anything harmful. So what these programmers do is build an SQL search string using the user supplied data unchecked and unverified. As Joel explains there are ways to take unwanted (by the people who own the program/web page) advantage of this mistake. The SQL Injection problem may very well be the single most common way to break into web applications.

    To be fair a lot of textbooks don't talk about this problem. For one thing examples in textbooks tend to be simple and to include as few concepts as possible so as not to confuse the beginner. Unfortunately this often results in bad code because things have to be forced to fit what the writer is trying to teach. Most textbooks that talk about error handling do so in a simplistic and isolated fashion. I confess to being guilty of this myself. It's just hard to fit everything in.

    Most professional programmers learn about data checking, defensive programming (protecting the program from the user), and other security measures only when they get their first professional job. That is one of the reasons most companies assume it will take a new (one with a diploma with wet ink on it) a year to a year and a half before they become fully productive. This is really a shame.

    There are two things that have to happen for this situation to get better. One is that textbook authors have to put a little more effort into educating their readers about programming securely. The other is that people who teach programming have to bring it up a lot more often in class. They should probably include some metric for "who secure is this program?" metric in the projects they grade. Oh I don't think one has to hold students feet completely to the fire from the very beginning. However as a student advances through a course or certainly though a degree program they should be held more and more accountable for good programming practices that includes checking input and writing code that doesn't depend on the honesty or competence of the user.

    A more secure Internet and desktop starts with education.

    BTW for another article about the problems that come up when software is not designed with security in mind read this article about security problems with Open Office.

  • Computer Science Teacher - Thoughts and Information from Alfred Thompson

    What is so scary about programming?


    It seems fitting to talk about scary stories so soon after Halloween somehow. Yesterday I read a very interesting post by Mark Guzdial at the NCWIT Site. In it he talks about running into significant numbers of college students who are terrified of programming. he talks about students trying to drop required courses to avoid having to do programming. That's pretty scary - especially at a top school like Georgia Tech!

    What is it about programming that scares people? I'm not a good one to answer this question because I find programming one of the most fun and interesting things I do in my life. And that is not because I have a boring, completely tech dominated life either. I enjoy kayaking, surfing, snowboarding, and many other activities both indoors and out. In fact most of the professional programmers and computer scientists I know (and after 30+ years in the business I know a lot of them) have very balanced lives. Programming does not ruin people.

    I wonder if the fault is in part that people have promoted programming as hard to try to keep it exclusive. Not so much in recent years but in the past. Is it because programming really is hard? I think not. Or is it because we just teach programming wrong?

    One of the things I worked very hard on (and continue to work hard on) is to help students achieve some early success with programming. One of the reasons I really like Visual Basic .NET as a first course language (and this applies to C# as well) is that it is very easy to create a simple program that looks like a "real Windows program." The program doesn't have to be complicated or do anything very difficult but if it looks good - "wow, it has buttons and everything?" - students seem to be less intimidated by the process and more willing to move on to the important things.

    Teaching is in many ways about removing barriers to learning. Drag and drop programming languages like Alice and some of the robotic programming languages like those used for Lego Mindstorms and the Microsoft Robotics Studio remove the complexity of syntax. Syntax can be a big barriers to learning how to program. The kinesthetic learning project like those in Computer Science Unplugged that I talked about yesterday can help remove some of the fear of computers or the assumed complexity of the concepts. Drag and drop form design and the friendly syntax of Visual Basic .NET can also be helpful to removing some of the complexity barriers.

    But I think we have to do a lot as teacher to reassure students that programming is not so scary or difficult as they may think it is. Is is completely easy? No it's not but is it really so much harder than writing a good five paragraph essay? I think not. It's a matter of proper teaching and an openness to learn.

    Programming is something that just about everyone can learn. That is not to suggest that everyone can or should become a professional programmer. But you know we don't expect every child who learns to play soccer (football) to play in the World Cup some day either. Are children frightened away from playing sports because of how good the professionals are? No they are not. They understand that they can learn the game well enough to enjoy it and get some value out of it. Programming is the same. It can be a lot of fun and it can be a very valuable skill - as much a way of looking at and solving problems as anything they will learn in most other subjects.

    But first we have to get them to not be afraid.


    Technorati tags: , ,
Page 6 of 7 (20 items) «34567