Cyber Security or Just Good Program Design?

People continue to share things that they learned at SIGCSE online. Recently Ria Galanos, from Thomas Jefferson HS, shared Cybersecurity Modules: Security Injections|Cyber4All @Towson These ae a bunch of modules for teaching about various security issues like integer errors, Input Validation, and buffer overflow. Examples are in a number of languages including C++, Java, and Python. Looks like great stuff really.

From what I understand the majority of security vulnerabilities in software are a result of one of these three types of errors. Clearly they are important concepts but we don’t spend a lot of time talking about them in beginner classes. That probably needs to change.

It seems like we keep adding things to what we should be teaching beginners. Ethics, Accessibility, Security, and let's not forget the stuff for the AP Exam. How do we fit it all in?

Ultimately we have to do things in parallel. I think we have to think about ethical computing, safe programs, and accessible software as all part of good, solid program design. I think it is a mistake to think about all of these things as separate units to be taught in isolation. Projects can be created that integrate security, accessibility, and more by defining them all as good design. Not something special to do just for security or just for accessibility but for sound design.

Now to go look at my projects and see how to do all of that.

Accessibility and Computer Science

I’ve been following, as much as one can, the SIGCSE conference via Twitter this week. One of the comments I read talked about how many places don’t teach accessibility because they don’t see it as part of computer science. I can see that – sort of. On the other hand, accessibility is really an important part of human computer interaction and few fail to see that as an important part of computer science. Human-Computer Interaction is one of the 18 Knowledge Areas discussed in the CS 2013 Final Report

These days are we increasingly recognize diversity as important in teaching computer science I think it is important to realize that accessibility is essential for improving diversity in all areas. That means it should be included in any discussion of Human-Computer Interaction.

Speaking of HCI, the video below is a fun and useful look into what HCI and good design means. It was shown at SIGCSE by Tim Bell of Computer Science Unplugged.

Modeling Good Coding Practice

Facebook showed me this cartoon this morning.

Teaching computer science means you are often programming while someone watches. I confess that I have been known to write something “quick and dirty” but that is not really an option for anything that students might ever see. Or really anyone else might see. “Do as I say not as I do” really doesn’t work for anything.

Generally I’m pretty careful about how I write code while I am doing a demo or creating a scaffold project for students. It requires a few extra minutes but I think it is important to model good practices. I think I have to make a point of explaining why I am taking those extra steps as they are not obvious to beginners.

Sure it seems unnecessary to rename a label box when there is only one label box on the form. Or to change the text property of the form. Or any one of a number of things that appear to be cosmetic and that don’t keep the program from working. But habits are important.

I remember once asking my father why we had to have perfect table manners at home where no one could see us. My father explained that by developing the good habits at home we would be less likely to mess up in public. It’s a lesson that stayed with me. It is why,even in the small simple code, using good coding practice is important. That way you don’t have to think about it when the coding gets public.

Open Letter to People at #SIGCSE2018

The Annual SIGCSE Technical Symposium is taking place in Baltimore this week.  Some of the best minds in computer science education are sharing ideas in sessions, panels, birds of a feather, and hallway conversations. At the same time most of the people who really need that information – classroom teachers, adjunct faculty, and others teaching computer science – are not there to hear it. It’s reality. We can’t all be there. We are starving to hear about what people learn at SIGCSE though.
Now some of us who are members of ACM and SIGCSE will get the papers later but that only goes so far. My request to the people at SIGCSE is that they find ways to share some of the things that don’t make it into the printed papers. Things like the keynotes. What an amazing lineup of keynotes this year it is too!

And the birds of a feather and the hallway conversations and the rest of the stuff that is just so hard to capture.

How should you do it? Well lots of ways. For one thing live tweet the event. Use the official hashtag - #SIGCSE2018. There are people at home watching. We may even ask you questions.

Share things on Facebook. There are a couple of good groups there that would probably welcome SIGCSE posts. I can think of Computer Science Education: Researchers & Practitioners and Computer Science Educators as examples. Or post them as public on your own account so people can share them.

For another write posts on your blog. Don’t have a blog? I tell you what – I will post guest posts from SIGCSE attendees here on my blog. Send them to me at act2@acthompson.net with your attribution information and I’ll post as many as come in.

Consider offering to talk about SIGCSE at a future local CSTA chapter meeting. You’re probably going to share information at your home institution but there are lots of others who would love to hear about what you learned at SIGCSE.

Programming Patterns For Beginners

Ever since I read those papers on the Rainfall program (How Hard Is That Programming Problem?)  I’ve been thinking about patterns in problem solving and programming. There are many of these types of patterns in programming but most of us learn them through experience.

The Rainfall problem is one example. It’s basically a counting and totaling loop that handles exceptions. Anyone who has done one of those (or maybe two if they are like me) probably sees that pattern as soon as they read or hear the problem statement. It’s new to beginners though.

One of my favorite patterns (much more complicated for beginners to see) has to do with avoiding special cases for boundary conditions. Take for example the lights out project (Taking Things To Another Level ) it involves checking the squares above, below, to the left, and to the right of a box in a 5 by 5 grid. Beginners tend to see that as calling for special cases for the corners and edges. Experienced programmers create an invisible row above and below and an invisible column to the left and right of the visible grid which allows all boxes to be checked the same way. It’s a pattern many of us have seen before.

After a while I think most of us don’t even consciously think “oh that is a pattern I have seen before” but we just go with it. Of course there are far too many patterns to teach all of them in a single semester (or single life time I suspect.)

lately I have been asking myself “what are the most common patterns I can think of and how to I create projects to give students experience with them?” And more than that, how can I get them to recognize those patterns in the future? I can’t assign enough projects so I think we’ll be reading some code. Maybe playing with Parsons Problems. But definitely I need to have students read more code.

Do you teach patters explicitly or just implicitly? What patterns do you see as most important for beginners to learn?

Self Driving Everything

Nissan put together this cute little video that starts with self driving slippers and moves on to self driving pillows and chairs and, well, watch it.

What's next? That is the question I would ask students - what else should be self driving? And why?

Jumanji and the While Loop

Cultural references (term used loosely) can make projects and exercises more interesting for students. Now that there is an updated version of the movie Jumanji out I decided to use that reference again for working with while loops.

If you remember the movie, you will probably remember that people playing the game can be forced to wait in the jungle until another player rolls a 5 or an 8. There are several ways you can use this in an exercise. You can “roll” dice once and use an if statement to report if the person can leave the jungle or not. OK but boring. Or you can simulate rolls to see how many “moves” it takes to get someone out of the jungle. That’s what we did.

There are several things I like about this exercise. We start by asking if the loop should check at the top or the bottom. Of course you can write it either way but the discussion is the valuable part.

Next we take on how the Boolean expression is formed. Finally we talk about the code inside the loop. One die with a range of 1 to 12 or two die with a range of 1 to 6? Which one better simulates real game play and why? Finally we talk about how to do the counting inside the loop.

All in all I find it a helpful exercise. As a demo it is simple enough to show the basics but involved enough to have some good conversations about how and why we do things different ways. And it is relatable to things outside of school.

Quotes About Programming and Computer Science

While looking for a quote that was mostly remembered except for who to credit with it I found a couple of fun sites with quote collections in them. Some of these I already share with students. I think I may print out some more of these quotes for my bulletin board.

This first site is a single (longish) page with some of the best. One of my favorites is:

When debugging, novices insert corrective code; experts remove defective code. ~Richard Pattis

This next list is collected by Rich Pattis who is very quotable himself as you can see above. His list covers more than just programming. I love this one:

Those who know, do. Those who understand, teach. - Aristotle

This next one shows you a quote of the day and has a long list of sources in a menu on the side of the page. Lots of great people to check out. I like this quote by Bill Gates:

"Measuring programming progress by lines of code is like measuring aircraft building progress by weight."
- Bill Gates
Read more: http://www.softwarequotes.com/showquotes.aspx?id=579&name=Bill Gates#ixzz570txjSqE

This one has two pages of quotes. Some are more interesting than others to me but I did like this one:

“That's the thing about people who think they hate computers. What they really hate is lousy programmers.”
― Larry Niven

Do you have a favorite source for computer science quotes? Or a favorite quote that you don’t find on one of these lists?

Teaching Diversity in Computing

One of the important topics in computing these days is diversity. Why? Well there are things like concern about equal opportunity. (Why Can’t Silicon Valley Solve Its Diversity Problem?) and that is part of it. It’s often hard to make people understand why that lack of diversity is a problem. People are only starting to understand how bias creeps into software. It creeps in because we all have biases – some more subtle than others. And that influences how we write software.

Here are a couple of issues that have come up based on race for example.

• Facial Recognition Is Accurate, if You’re a White Guy
• A beauty contest was judged by AI and the robots didn't like dark skin
• Why Can't This Soap Dispenser Identify Dark Skin?

It should be obvious that something like facial recognition should be tested with a wide variety of people with different faces and skin tones. Right? Well apparently it is not so obvious.

Some early color computer monitors used a mix of red and blue colored letters. This is actually a problem because there are a surprising number of people with red/blue color blindness. No one on the design team had the problem of course so it slipped by until the product was released.

There is a story, I haven’t been able to verify it but it is a good example, that early models of the Apple Newton had a very good handwriting reader. Well until they handed it to a left handed person and it could not read their handwriting.

I’ve been talking about testing and debugging with my students lately. It seems like a logical place to talk about algorithmic bias and the need for testing with a diverse population. We talk about how different viewpoints also contribute to more and different ways of looking at problems.

I feel like this is an important topic to cover. Having a more diverse population in computing is clearly an issue of fairness and that is enough of a reason to promote it. But I don’t think it hurts to point out that diversity also results in better software which benefits all of us. If we don’t explain this and teach it than I don’t think all of our students will understand this on their own. Some will of course but it is too important a topic to leave to chance.

BTW there is a regular Twitter chat on ethics and computing using the #EthicalCS hashtag. Highly recommended.

For more on the topic of bias in algorithms you  may want to visit the Algorithmic Justice League.

Priming the Computing Teacher Pump

Where are computer science teachers going to come from? That’s the big question. OK it is one of the big questions about Computer Science for All. Increasingly CS is moving to younger and younger grades and a lot of people are asking where those teachers will come from. Many teachers who teach computer science now don’t think of themselves as computer science teachers by the way. In elementary schools most teachers appear to think of themselves as grade level teachers. The generally teach most everything.

I believe we want computer science integrated in the elementary school curriculum and not just a subject taught by specialists. I was a computer specialist in a couple of elementary schools many years ago and while it was fun I think it would have been a lot more effective as a more integrated subject.

But anyway, back to the question, how and where and when are these teachers going to learn to teach computer science? There has long been some discussion about getting schools of education involved. Not much progress and most of the talk seems to have been among computer science education people.

Earlier I saw this post on Mark Guzdial’s blog - Finding a home for computing education in US Schools of Education: Priming the Computing Teacher Pump

So of course I visited the related website  - http://www.computingteacher.org/ – to learn more. Some of the most amazing people in CS education are involved. I hope a lot of schools of education take notice and get involved. We need teachers prepared to prepare all students.

---

Priming the Computing Teacher Pump: Integrating Computing Education into Schools of Education

This report focuses on Schools of Education rather than Departments or Colleges of Computer Science/Computing for setting up CS teacher education.

We challenge US teacher education programs to innovate and integrate a new discipline into their programs. What we propose is nothing less than a change to the American Education canon. Such enormous change will require innovating in different ways, using different models and strategies, before we find models that work. The report, Priming the Pump, will highlight examples of integration from across the United States, and provide concrete recommendations for discussion.

With the expansion of computing education in mainstream K-12 schools, the current training mechanisms for teachers quickly will fall short of supporting a sustainable pipeline of teachers for the scale many cities and states have committed to.

The Struggle To Keep Programs Simple

Debugging code is hard. Really hard. The more complicated the code the harder it is to debug. Brian Kernighan said it well.

But oh do my students write clever code. Well, they think it is clever code. If nothing else it is complicated. It’s not really their fault though. Not completely.

Looking at student code the other day I realized that their tool set is limited. They don’t always have the tools to write code simply. I’ve blogged about this a bit before (The Complex Question of Complexity in Programming ) but it is something I keep struggling with. Many problems, like the Lights Out project in that referenced blog post, can be written in far fewer lines of code if you know about arrays. Without arrays it takes many lines of code and there are many places things go wrong. On the other hand the many lines are simple lines while the array version is more complex and has to be thought about a lot more.

Which way is better? Well that is open to debate. Plus it depends on the experience of the programmer.

It’s more than tools though. My students have been writing a project that involves a lot of if statements. They are doing the Ski Lift Ticket Project that I have blogged about before. There  are a lot of ways of constructing this solution. Some are more complicated than others. It always seems like some students want to make it very complicated. Why? I’m trying to figure that out but my working theory is planning. That and working in stages.

Some students try to handle both the age range and the resort status at the same time. For an experienced programmer this is not a big deal. For a raw beginner this can be a bridge too far. Students who first think about the age ranges and test that and then look at the resort status tend to do better. Better as in finish first and have less complicated solutions.

Too often beginners just start writing code without planning. Rather than being that fast way this is the long way. It also tends to result in more complicated code as line after line is added to handle situations that were not thought of in advance. Obviously I talk about planning all the time. And I try to model it when we work though exercises as a class. But well, kids in high school, know better. Just ask them – they’ll tell you.

I keep trying though. I also try to show them code and point out the design steps and the simplicity that makes it easier to follow. And I give them more tools as well. A lot of times a light goes off and a student says “I could have done this other thing a lot easier if I had known about that.” Yep, so keep learning new tools!

Is that a trick question?

For me at least writing test/quiz questions for programming students is hard. Most of what I assign and grade are projects but sometimes I like to toss out a quiz to see if I can figure out what students really know.  And frankly, some students are more comfortable with traditional quizzes and tests so it feels like a good thing to do. But as I said, writing questions is hard. I tell my students I can write a hard quiz really quickly but an easy one takes longer. I think that is true for a lot of teachers. Either way students like to second guess teachers on the questions they are asked. You’ve all heard it (and maybe said it yourself – is this a trick question?

Now this is a trick question:

What is the value of x after this code executes:

int age = 21;
int x = 15;
if (age >= 21)
     x = 15;
     age = age + 1;
     x = age;

It’s a trick question, in my opinion anyway, because it uses tabs to make it look like three statements are executed if the if statement is true. And that may be the case in some languages but in C-family languages like C, C++. Java, and in my case C# it’s not. I want students to realize that without curly braces x is going to be 22 no matter what else goes on. There is some extra code in there just to confuse things. Is that a good question? Arguably not but students never complain about it. What to they stress over and question me on? The freebee question I tossed in to make the quiz an even number of questions.

Enter the letter A as the answer to this question

I want to fix the first question BTW. I’ve never liked it but I was in a hurry one day. The second one I think I’ll leave as is.

I want more questions that require students to read code. The thing I struggle with is how to write good code reading questions without using poor coding practice. The AP CS A test has some and I toy with borrowing some of them and making adjustments for various programming languages but  so far I spend more of my time trying to come up with projects.

I’ve also used Code Hunt with some classes with mixed results. I may tackle that again soon. It can be tricky to set up your own questions though.

I have been reading about questions that ask students to put lines of code into the correct sequence. (Parson's Problems) That seems like a good idea. I wish I had a good tool for both writing them and having students work them out online. Any one know of such? (Looking at one in the comments.)

What sorts of questions do you ask programming students? What tools do you use to ask coding questions?

Does Anyone Read the Error Messages?

I suspect most if not every Computer Science teacher has had this conversation:

Student: Hey, I’m getting an error.
Teacher: What error are you getting?
Student: I don’t know.

Often they have dismissed the message without reading it. Even if they have it on the screen they may still not have looked at it. Why? I have no idea. So the teacher goes to the computer, looks at the message, and asks the student what it says. The student reads the message and then asks “what does it mean?”

Today I was thinking that maybe I should write up a longer explanation of the most common error and warning messages my students get. Will they read that document? Maybe. Maybe not. Ultimately though the problem is that they give up too soon. They don’t spend enough time reading the message and trying to determine what it means.

It’s not just a problem for beginners though. Years ago I was at a computer company supporting professional developers at a very technical company that built very sophisticated systems. One of the most common parts of my job at times was explaining error messages. Often I was explaining messages I had never seen before but was able to at least parse some meaning out of them.

Now it is easy to blame the people who write the error messages but many of them seem very clear to me. Is that because I have so much experience making errors? Perhaps but I don’t think so. More often, especially with beginners, one is so close to the code and so sure that it is right that is seems incongruent that there is an error message. Many is the time a student has told me “I am doing everything right and still getting an error message.”

In the long run, students can learn a lot from their errors. They can learn about the code obviously but perhaps more importantly they can learn the value of critical thinking and close reading. We as educators have to be careful about finding the thin line between giving clues and giving fast answers.