Professor Eric Roberts of Stanford will talk tomorrow (4:00pm Thur 24 April, 231 ITE) on Rediscovering the Passion, Beauty, Joy, and Awe: Making Computing Fun Again. He’s well known as a master teacher and his his insights into teaching computer science will well worth hearing. Here is the abstract for his talk.

Has anyone considered the possibility that it’s just not fun any more? — Don Knuth, October 2006

Over the last five years, computing education in most developed countries has faced a seeming paradox: despite projections that the field offers tremendous employment opportunities and extraordinary growth potential for the foreseeable future, student interest in pursuing computing degrees has plummeted. In response, many educators have called for a massive overhaul of computing curricula to increase its attractiveness to students. In this talk, I argue that such efforts are misdirected in that they fail to respond to the underlying causes of the enrollment decline, which are the following:

• Fears about the long-term economic stability of employment in the computing industry continue to have a profound effect on student interest in our discipline.
• The kind of exposure students get to computing at the elementary and secondary level tends to push people away from the discipline long before they reach the university.
• The image of work in the field — and, more importantly, all too much of the reality of work in the field — is unattractive to most students and no longer seems fun, particularly in comparison to other opportunities that bright students might pursue.

I will conclude the talk with suggestions as to what universities, schools, industry, and government can do to address this problem.

See update below.

The College Board has decided to eliminate their Advanced Placement test in computer science. It’s well known that the number of university students choosing computer science as a major has been declined significantly in the past six years. Many organizations, including the the Computing Research Association, have developed strategies to address this by enlarging the pipeline. A part of this is working to increase interest in the field in high schools and middle school. Eliminating the computer science AP test will discourage high schools from offering computer science courses and their students from taking them. Here’s a story from the Washington Post.

AP Language, Computer Courses Cut

The College Board told U.S. teachers in an e-mail yesterday that four underenrolled Advanced Placement courses will be eliminated after the 2008-09 academic year in the first significant retrenchment of the college preparatory program in its 53-year history.
…
The courses being cut — Italian, Latin literature, French literature and computer science AB — are among the least popular in the AP portfolio. … The eliminated classes are “all less commonly taught disciplines in high schools,” said Trevor Packer, vice president of the College Board for AP. “And they’re under fire sometimes,” he said, in school systems more focused on core subjects.
…
Trustees of the New York-based College Board decided to eliminate the courses March 27 at a meeting in Reston, Packer said. The decision was communicated at 5 p.m. yesterday via e-mail to 2,519 teachers of the affected subjects and to AP program coordinators.

Given a general agreement that information technology continues to be extremely important for our nation’s future and also a good career choice, I think this is a short-sighted decision.

update: Ok. It’s not as bad as it sounds. A post this afternoon on the ACM blog, AP Computer Science is NOT Going Away clarifies things.

“Today’s Washington Post has an article stating that the College Board, (the body that administers Advanced Placement courses) is doing away with several AP courses – including one computer science course. Reading the article, you’d likely reach the conclusion, as attested by e-mails I’ve seen this morning, that all AP computer science courses are being eliminated. This is not the case. There are two AP computer science courses – AP Computer Science A, and AP Computer Science AB. The college board is eliminating the less popular AB course, not the A course. … “

The appointment of Rod Beckstrom as the new head of the DHS National Cyber Security Center is interesting, if somewhat controversial. See, for example, the article Cybersecurity’s New Guard in BusnessWeek.

“The Bush Administration named Rod Beckström — entrepreneur, author, and decentralization expert — head of the National Cyber Security Center on Mar. 20. … Beckström, 47, is a Silicon Valley entrepreneur, a former derivatives trader, and a champion of conflict resolution in Africa. He’s better known as the founder of business collaboration software provider Twiki.net and as an author specializing in the agility of decentralized organizations than for connections inside the Beltway or expertise in cybersecurity.”

What’s somewhat controversial is his lack of a strong background in security or computer and communication technology — he’s an MBA. What’s interesting is his perspectives on and enthusiasm for decentralized and “leaderless” organizations, as articulated in his 2006 book The Starfish and the Spider: The Unstoppable Power of Leaderless Organizations, which I’ve not read, btw.

“Brafman and Beckstrom, a pair of Stanford M.B.A.s who have applied their business know-how to promoting peace and economic development through decentralized networking, offer a breezy and entertaining look at how decentralization is changing many organizations. The title metaphor conveys the core concept: though a starfish and a spider have similar shapes, their internal structure is dramatically different—a decapitated spider inevitably dies, while a starfish can regenerate itself from a single amputated leg. In the same way, decentralized organizations, like the Internet, the Apache Indian tribe and Alcoholics Anonymous, are made up of many smaller units capable of operating, growing and multiplying independently of each other, making it very difficult for a rival force to control or defeat them.”

In this age of decentralized information and communication systems and asymmetric warfare, I think Beckstrom might have a positive impact in his new position.

The US Bureau of Labor Statistics releases regular projections for changes in demands for different job categories. The Computing Research Association’s blog compares the changes in the BLS predictions for professional-level IT positons and speculated on the factors involved.

While the projected growth is slowing, the actual number of predicted new jobs has gone up in the latest report. Jay Vesco of the CRA comments:

“It would be easy to see the series of lowered growth projections as signs of trouble within the IT workforce. But there are two other factors to consider: (1) in the 2006-2016 report, expectations for growth lowered also for the overall workforce, and (2) it probably has taken some time for the BLS to assess a relatively new group of occupations that is evolving rapidly (as seen also in the swings in computer science degree production). All in all, in each of its reports BLS predicted that the professional level IT occupations would enjoy high salaries and more than twice the growth rate of the overall workforce.”

Choosing a career in the IT field still looks like a good choice.

Joe Hall forwarded an interesting news item to Dave Farber’s IP mailing list on a new Second Life security vulnerability, Exploiting QuickTime flaws in ‘Second Life’. The exploit allows an object with a multimedia link to inject malicious code into the victim.

“Researchers Charlie Miller of Independent Security Evaluators, and Dino Dai Zovi, turned their attention to Second Life during a Saturday morning presentation at ShmooCon, an East Coast computer hacking conference. The researchers didn’t exploit a flaw within Linden Labs’ Second Life, but within QuickTime. They showed how an attacker could make money stealing from innocent Second Life victims.” (link)

Their SmooCon talk was titled “Virtual Worlds - Real Exploits” and had the abstract

“Virtual worlds serve as a new way to deliver exploits to the masses. Besides traditional attacks, they also allow attackers to control the “avatars” of players, including being able to steal the player’s virtual money and possessions. When there is a link between the virtual money and real money, this can be an easy way for an attacker to profit. This talk will address these issues and illustrate the technical details of a Second Life exploit.” (link)

Apparently the general approach used in the exploit has been around for a while, as Vint Falken blogs in The Second Life Quicktime exploit soon redone?. Here’s how Miller and Zovi demonstrated the current version of the exploit.

“For their demonstration, they created “the most evil pink box you will ever see.” They could have linked their malicious code to attributes of an avatar’s hair, clothes, or anything else. They also could have buried the pink box underground or otherwise hidden it, but both researchers admitted they weren’t very good players within Second Life. … In the demo, the researchers were able to show that their avatar became infected when it came too near the pink box. The code they used raided the avatar’s Linden dollars and emptied the bank account.” (link)

Since Linden dollars have a known exchange rate with more traditional currencies, and may even be stronger that the US dollar these days, Second Lifers will have to be careful.

The ACM named Edmund Clarke, E. Allen Emerson and Joseph Sifakis winners of the prestigious 2007 A.M. Turing Award for their research on Model Checking.

From the ACM announcement:

“Their innovations transformed this approach from a theoretical technique to a highly effective verification technology that enables computer hardware and software engineers to find errors efficiently in complex system designs. This transformation has resulted in increased assurance that the systems perform as intended by the designers. … Clarke of Carnegie Mellon University, and Emerson of the University of Texas at Austin, working together, and Sifakis, working independently for the Centre National de la Recherche Scientifique at the University of Grenoble in France, developed this fully automated approach that is now the most widely used verification method in the hardware and software industries.” (link)

Jeffrey Kegler on perlmonks.org offers a proof that static parsing of Perl programs is undecidable in his post Perl Cannot Be Parsed: A Formal Proof. The approach is to show that parsing a tricky example (one short line of code!) can be reduced to solving the Halting problem. Here’s a piece of it.

Kennedy’s Lemma: If you can parse Perl, you can solve the Halting Problem.

To prove Kennedy’s Lemma, we assume that we can parse Perl. In particular this means we can take the following devilish snippet of code, concocted by Randal Schwartz, and determine the correct parse for it:

whatever / 25 ; # / ; die “this dies!”;

Schwartz’s Snippet can parse two different ways: if whatever is nullary (that is, takes no arguments), the first statement is a division in void context, and the rest of the line is a comment. If whatever takes an argument, Schwartz’s Snippet parses as a call to the whatever function with the result of a match operator, then a call to the die() function.

See his post for the complete proof.

Today’s Washington Post has a story, Electronic Passports Raise Privacy Issues, on the new passport card that’s part of the DOS/DHS Western Hemisphere Travel Initiative. The program is controversial since the cards use “vicinity read” radio frequency identification (RFID) technology that can be read from a distance of 20 or even 40 feet. This is in contrast to the ‘proximity read’ RFID tags in new US passports that require that the reader be within inches. The cards will be available to US citizens to speed their processing as they cross the borders in North America.

“The goal of the passport card, an alternative to the traditional passport, is to reduce the wait at land and sea border checkpoints by using an electronic device that can simultaneously read multiple cards’ radio frequency identification (RFID) signals from a distance, checking travelers against terrorist and criminal watchlists while they wait. “As people are approaching a port of inspection, they can show the card to the reader, and by the time they get to the inspector, all the information will have been verified and they can be waved on through,” said Ann Barrett, deputy assistant secretary of state for passport services, commenting on the final rule on passport cards published yesterday in the Federal Register. src”

As described in the ruling published in the Federal Register, the Government feels that privacy concerns have been addressed.

“The government said that to protect the data against copying or theft, the chip will contain a unique identifying number linked to information in a secure government database but not to names, Social Security numbers or other personal information. It will also come with a protective sleeve to guard against hackers trying to skim data wirelessly, Barrett said.” src

Of course, if you carry the card in your purse or wallet, your movements can still be tracked by the unique ID on the card. There are also security concerns since the tag’s ID may be cloned.

“Randy Vanderhoof, executive director of the Smart Card Alliance, represents technology firms that make another kind of RFID chip, one that can only be read up close, and he is critical of the passport card’s technology. It offers no way to check whether the card is valid or a duplicate, he said, so a hacker could alter the number on the chip using the same techniques used in cloning. “Because there’s no security in the numbering system, a person who obtains a passport card and is later placed on a watchlist could easily alter the number on the passport card to someone else’s who’s not on the watchlist,” Vanderhoof said.” src

Tomorrow’s (!) Washington Post has a good article, In Peru, a Pint-Size Ticket to Learning on how the project is working out in Arahuay, Peru.

“Doubts about whether poor, rural children really can benefit from quirky little computers evaporate as quickly as the morning dew in this hilltop Andean village, where 50 primary school children got machines from the One Laptop Per Child project six months ago.

These offspring of peasant families whose monthly earnings rarely exceed the cost of one of the $188 laptops — people who can ill afford pencil and paper much less books — can’t get enough of their XO devices.

At breakfast, they’re already powering up the combination library/videocamera/audio recorder/musicmaker/drawing kits. At night, they’re dozing off in front of them — if they’ve managed to keep older siblings from waylaying the coveted machines.” (src)

Computer Science departments in North America and Europe are struggling to increase their enrollments after the decline that started when the dotcom bubble deflated. Most are following a strategy to find ways to engage students by showing them that the field is both interesting and socially relevant. I think that the OLPC project and others like it can help do this. It will be motivating for many of our students to target software to this device and produce something for the good of humanity. For example, we can get some of the many students interested in game development to try to port/write educational games to the XO. The XO laptop is custom hardware running a stripped-down Red Hat Linux with a custom user interface and has XO emulators available. Since not much is standard, there will probably be a big need for writing device drivers and porting lots of common open-source packages. Developing software for the XO could be a good project as part of many core computer science, computer engineering and information systems courses.

We have one of these in the department now and I hope that we can get more.

I confess to being thoroughly confused. The revealed wisdom in US higher ed has been that we are simply not producing enough grads in the STEM area, and we need to do more to attract folks to sciences/engineering/IT etc. The National Academy of Sciences weighed in on this as well. We certainly keep hearing that here in our department, with exhortations to increase enrollment.

However, the Urban institute folks (Lowell and Salzman) claim that not only is the US not lagging behind other nations in the quality of STEM education at the school level, it in fact overproduced STEM grads (three times as many as the net growth in jobs) in the period from 1985 to 2000. So not enough or too many STEM grads — which is it ?

This of course further muddies the immigration/ H1B debates. The IT industry claims that there is a shortage of IT grads, and so they need to be able to hire more from overseas. The “Immigration Restrictionists” of various flavors, and the Programmers Guild like organizations, argue that this is just a part of plan by corporations to keep the wages in the IT sector depressed. Many of them have blogged about this new Urban Institute study, offering it as proof that the H1B type programs can be scrapped.

However, if the primary push behind lobbying for increased skilled immigration/H1 workers was depressing (or at least not increasing) the wages, then a factor of three overproduction within the US should take care of this, right ? In other words, all the folks in STEM fields who weren’t getting jobs in their area would sign up for short MSCE/CCNA type courses (or AAs in IT) and then get hired. I presume Bill Gates or others don’t particularly like foreigners enough to go through and pay for the H1B/Green card process when they would achieve the same wage depressing affects by hiring US citizens retrained in IT areas from the oversupply in the overall STEM areas?  On the other hand, there is  a recent statement by Fed chief Bernanke doing rounds of the blogosphere that a non increase in STEM wages would indicate that there wasn’t a shortage in the area. 

Net result, I am not sure what to believe anymore.  In admissions events, I dutifully present data from CRA (which in turn got it from BLS)  that seems to indicate that within the wider STEM areas, IT (strictly, Mathematical and Computer Sciences) would be the subfield where the total production of degrees would fall short of the projected job openings, even factoring in all the outsourcing.

The well known Labor Economist visited UMBC last week to give a lecture in our humanities series. Borjas is very well known in political circles for his economic analysis of immigration. More importantly, not only does he write scholarly papers, he actually blogs in a way that folks like me who haven’t even done ECON 101 can understand his points. I haven’t read any of his papers to see what they look like, but in his blogs he is fairly clear about his opinions on various issues related to immigration. See for instance this interesting post about “protectionism” on broadway! I don’t always agree with what he has to say, but it is always a pleasure to read well written posts that say something reasonable backed with some data and analytic rigor.

So I went to the lecture with great anticipation. I reached a few minutes late, and the room was already full. The presentation itself was good, but a bit of a letdown. Perhaps because he didn’t want to be too controversial in a “distinguished lecture” type setting ? He presented data (increase in immigration since 1964, concentration of that immigration in select areas making the effect local, confounding factors when you try to analyze wage effects of immigrants, the fact that the wage depressing effects of immigration have most hurt the lower strata of society, the fact that an average immigrant today earns less than the native born, which is a change from the 60s and so on). However, he didn’t go much further by saying something which is both true and a copout — namely that what policy implications you derive from this data will depend on what your objective function is. He joked about letting everyone in if the goal was to alleviate world poverty or somesuch.

I also noticed that he did not split his data into effects of legal and illegal immigration. It would be interesting to know if there are differences ? Amongst legal immigrants, does employment based versus family based immigration make a difference ? Especially when one of the things that the now dead “comprehensive immigration reform” bill was discussing was a points based system for immigration.

Sigh….

At the end of last week we had a catastrophic failure that resulted in our losing most of our posts. We had a security problem where someone had managed to compromise one of our blog accounts with administrative privileges. Some of the files were modified. We noticed it right away and decided to restore the site files and database from our nightly dump.

However … it turned out that when we did a major Wordpress update back in February 2006, we created a new database but failed to update our backup script. So, for the past 19 months, it’s been creating a nightly backup of the old database. Restoring the old database not only resulted in loosing 19 months worth of posts, but also left the database out of sync with the current Wordpress version.

One of our former students (thanks Filip!) wrote a script to recover the old posts from Google’s cache and reinsert them into the database. it was a tour de force demonstration of quick programming skill. There are still some problems that we’ll need to attend to — we’ve lost all of the new categories that we’ve added since 2/2006, the ‘related posts’ plugin is no longer working, I think the feed links aren’t all right, etc. But we recovered the posts.

We’ve tightened up our security but continue to see lots of malicious visitors knocking on the door and checking the locks.

It’s a jungle out there.