Sunday, November 27, 2011

Some advice for beginner programmers

In beginning computer science courses (like cs125 here at BSU) there are typically two kinds of students. The first group has programming experience. These students don't have any problems in beginning cs courses. The second group has never programmed before; a lot of these students have real trouble.

About a week ago I was talking with someone in my English class who is planning to take cs125 next semester. Whenever I talk to someone like that I always end up telling them the same stuff. So I thought it might be useful to make a blog post to refer to on those occasions. For those of you who already have programming experience, I'd be very interested in what you think of this post and if you have any more thoughts to add or resources to recommend.

The best advice I can give to a beginner is: start programming as soon as possible. Unfortunately, the way most beginning programming courses are taught now you usually don't learn enough to really make anything fun or useful until about the middle of the semester. The reason for this seems to be that teachers think students ought to learn object oriented programming before they learn procedural programming and they spend a lot of time teaching you how to make objects before teaching you what the heck you can do with them. The result is that I see a lot of beginners who just don't have a firm grasp on the basics.

Even if you've only ever taken algebra, procedural programming is easy to understand. It's also called functional programming; remember functions? f(x) = x^2 is an example of a function. Functional programs are essentially more complicated functions, which themselves call functions, and which in turn call more functions and so on. A common functional programming language (although more expert programmers might balk at this classification) is C. A lot of other languages like Python and JavaScript allow you to write both object oriented and procedural code. What I like about procedural code is that it's easy to start writing stuff that does useful and interesting things right away. All you need to know are a few basic concepts and you're off and running.

IMHO, object oriented languages like C++ and Java have a bit higher learning curve than procedural languages because they require you to understand abstract concepts like classes and objects. The best way to understand OO (the abbreviation of object oriented programming) is through analogies. Think of a microwave. It's got a bunch of buttons that allow you to tell its innards how long and at what intensity to nuke your burrito. You don't have to understand how the microwave works in order to use it. In fact you'd probably rather not know! Objects are the same way: you put your data and functions together in an object and hide everything except the object's controls. That way anyone who wants to use it doesn't need to know how it works. They just push the buttons. When you make a program in an OO language you model your problem with a bunch of objects and make them interact with one another in a specified way. For example, you might make player, monster, and map objects for a video game, or you might make checking and savings accounts for an ATM. It's a fine way to make a program, but it's a lot to take in if you've never coded before. Most teachers will disagree with me but my advice is to start with procedural programming.

So, if you're interested in learning to code before you take cs125 at BSU, or some similar programming course, which I strongly recommend, here are some resources that might be useful:

C for dummies
I love this book. The author, Dan Gookin, is entertaining and makes the subject matter very easy to understand. There's a free online copy through the BSU library. You typically have to be logged into both the BSU library (when you click on the link above, a little login link appears just below the listing if you're not logged in) and worldcat (see the upper right link on the page) to access Albertson's Library ebooks. Once you're logged in, click on "other libraries" then hit "ebrary" then click on "ebrary title preview" and you'll see a kind of clunky interface that shows you a free copy of the book. For the bigger book (also by Gookin), C for dummies All-in-One, you'll have to do an inter-library loan, which is really easy to do. Just click on the handy "request through inter-library loan" link on that page.

You could also try your hand at JavaScript. I should point out that while they have similar names, JavaScript has absolutely nothing to do with Java. With JavaScript there is no need to compile and install anything. Any computer is ready for you to start programming right out of the box. All you need is a browser and a simple text editor like Notepad. W3Schools is a great resource for all things web-development, and I highly recommend their JavaScript Tutorial. If you don't know HTML, read that tutorial first; it shouldn't take long.

In searching for things to post in this, uh...., post, I found what looks to be a promising book. I've just skimmed this, but Eloquent JavaScript looks to be a very clearly written introduction to programming using JavaScript.

There's also this great interactive JavaScript tutorial. It's called Codecademy. If you try nothing else in this blog, try this. It's got an interactive command prompt that tells you what to type, then tells you what you just did. It's really slick.

Finally, there's _why. He's the mysterious figure who championed Ruby and then disappeared from the face of the Internet. Thankfully his funny, entertaining online book (with comic strips! No seriously, check it out, it's seriously entertaining.) and online interactive programming environment including an interactive tutorial are still available.

Saturday, November 5, 2011

Poor old dusty cs blog

I thought I might try to give an update on the state of the club and plans for the future.

First of all, there is a LAN party scheduled for Friday, November 11 from 5 to 11 in Simplot C. Bring your rig, hook it up, and start playing. We'll also have an Xbox 360 and I'm bringing my PS2. Please let us know on Facebook, Groupspaces or email if you'd like to attend.

We have had good attendance for our regular meetings. It's been a great time for us to get together, talk, and maybe take care of some business if there is any.

We need to work more on promotion and recruiting and we're taking steps to make that happen. Balancing schoolwork and club work has proved to be a challenge.

Our main game dev project has changed. While I don't want to discourage those who want to continue making the Blender game, I think the learning curve for beginning CS students is a little high. We're now working on Mecha-Pega-Pony-Corn, a silly but simple 2D platformer in Java. I think it might be easier to recruit artists, musicians, and writers to this simple project as well. And of course, we could always use more coders!

I have great hopes for the web dev club. We are working on the new web site and expect to secure funding for hosting and a new domain name soon. Perhaps we can get the security group going again to make sure this thing doesn't get hacked.

I've been talking with one local company about setting up a presentation on databases; hopefully that will happen soon. There's another CS Extras event coming up this Wednesday. RSVPs will be open to more than just beginning students soon, I expect.

For the future I would like us to get to a point where we have speakers and events lined up with advertising ready to go throughout the semester. For the more immediate future I've just been contacted by some of the other engineering clubs about a multiple club event during dead week. We also wanted to have a movie night soon. I'll let you know what's up as soon as I find out. (After homework is done. :) )

I hope your studies are going well.

Have fun,

Steve Smith VP of the BSU CS Club.

Friday, September 2, 2011

Best Coding Practices - Not Just For Security!


SQL injections, along with other predictable vulnerabilities, are the result of poor coding practices. Unfortunately, many University Computer Science programs (and programming books) don't cover this critical element in depth. As a result, they churn out "disasters waiting to happen" alongside each new graduate CS major. In addition, business managers tend not to be familiar with proper software security practices - especially when their job is to manage the bottom line.

Best coding practices can be broken down in several ways. First, we can address said practices from the standpoint of overall software engineering and design. Within that context, these practices are designed to mitigate the probability of introducing human errors into your applications, regardless of the software model used to create them.

In general, Best Coding Practices can be broken down as follows:

1) Lifecycle
2) Requirements
3) Architecture
4) Design
5) Code Building
6) Testing
7) Deployment

In addition to the above, there's the ever-so-important Secure Coding Practices (SCP), which every professional programmer should be intimately familiar with. In fact, I think this is one area that distinguishes an amateur programmer from a professional (capable of writing viable commercial-quality code). In summary, the common problem areas that SCP address are:

  • SQL injection
  • Web server- and client-related vulnerabilities
  • Use of magic URLs, predictable cookies, and hidden form fields
  • Buffer overruns
  • Format string problems
  • Integer overflows
  • C++ catastrophes
  • Insecure exception handling
  • Command injection
  • Failure to handle errors
  • Information leakage
  • Race conditions
  • Poor usability
  • Not updating easily
  • Executing code with too much privilege
  • Failure to protect stored data
  • Insecure mobile code
  • Use of weak password-based systems
  • Weak random numbers
  • Using cryptography incorrectly
  • Failing to protect network traffic
  • Improper use of PKI
  • Trusting network name resolution

Here's a great book on writing secure code, available at a reasonable price:

http://www.amazon.com/Kiss-My-Ass-And-Hack-This-Link/dp/0071626751/

By the way, SQL injection attacks should not be possible in a properly encapsulated web application, even if other secure coding standards are not followed.  In almost all cases, there is no viable reason to allow ad-hoc SQL code to be accepted by the program from the URL string, either as a GET or POST query.
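The point above, that request values should never become part of the SQL text, is shown here as an added example (not code from the original post): a concatenated lookup beside a parameterized one, plus an allow-list for a sort column, since identifiers cannot be bound. The `members` table, the function names and the sample rows are assumptions constructed for the illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data; table and column names are assumptions.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE members (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    db.executemany(
        "INSERT INTO members (name, email) VALUES (?, ?)",
        [("alice", "alice@example.org"), ("bob", "bob@example.org")],
    )
    return db

def lookup_concatenated(db, name):
    # Weak form: the request value is pasted into the SQL text, so quote
    # characters in it are parsed as SQL instead of being treated as data.
    sql = "SELECT name, email FROM members WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

# Identifiers cannot be bound as parameters, so a sort column taken from the
# request is mapped through a fixed allow-list rather than interpolated raw.
SORT_COLUMNS = {"name": "name", "email": "email"}

def lookup_parameterized(db, name, sort="name"):
    # Hardened form: the SQL text is fixed by the program; the value travels
    # separately as a bound parameter and is only ever compared as a string.
    column = SORT_COLUMNS.get(sort)
    if column is None:
        raise ValueError("unsupported sort column")
    sql = f"SELECT name, email FROM members WHERE name = ? ORDER BY {column}"
    return db.execute(sql, (name,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed value standing in for a GET/POST field
    print(lookup_concatenated(db, crafted))   # the WHERE clause is rewritten
    print(lookup_parameterized(db, crafted))  # no member has that literal name
    print(lookup_parameterized(db, "alice"))
```

The same separation of query text and values is available in every mainstream database driver; only the placeholder syntax differs.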

Stanford's free online courses

Stanford is offering free online courses for anyone to join.  From the site: "Students will have access to lecture videos, receive regular feedback on progress, and receive answers to questions. When you successfully complete this class, you will also receive a statement of accomplishment."

Databases
http://db-class.com/

Artificial Intelligence
http://www.ai-class.com/

Machine Learning
http://www.ml-class.com/

Monday, August 29, 2011

Anybody use IRC?

I am looking to find someone who knows how to set up and use IRC. I want to get a lot better at it, but I find that the more I ask questions, the more people stop chatting. I would like to find someone that can sit down and show me one-on-one how to set up and use it. If you know how, please send me a message

anthony.armfield@gmail.com

Thanks everybody.

Friday, August 26, 2011

Testing 1...2...3

Hello, just wanted to test this thing out and let everyone know that there is a new Security Group subgroup for the CS Club. I plan to have lots of fun activities to learn as much as we can over the months. Sign up now!

Wednesday, August 17, 2011

Google Calendar, OY!

If, when customizing an embedded Google calendar, the customization doesn't show on your site, try closing the page and opening it, or clearing your cache. Oy, the frustration!