Re-thinking 6th Grade Computer Science

I recently finished my fourth time through this class. I thought it would be nice to reflect on what has changed, so I looked back to my post immediately after my first class had finished. First, here’s what hasn’t changed. It’s still a 6 week unit, with two classes every day. The kids are still great, and I still have great classroom teachers to lean on. They still respond best to lessons that have a physical component, and are wildly enthusiastic about a great number of the topics I cover. Finally, I’m still making my own curriculum from scratch (although now I do have a lot more resources to draw from.)

So what’s different? Well, first of all, there are a LOT more really good resources out there. While I haven’t found a single program that covers everything I want to cover in the time I’ve got to work with, there are an abundance of resources I am pulling ideas from now. For example, Code.org has gone beyond coding to add a library of excellent videos on computer science. I used a lot of these this year! Also, the British have recently revamped their entire national computing curriculum, and they have some great lessons available to the rest of us. It seems like everywhere I look, now, great CS resources are being added. This is a huge departure from the heavy emphasis on coding and applications skills I saw five years ago.

Another thing that’s changed is the amount of emphasis on security. It may be because of my own increase in security-mindedness, or just because of the interest the students take, but we spend more time each year talking about security, frauds, and hacking. I do think that’s fully justified, considering the increasing threats and privacy issues we face on a daily basis. But the kids can’t get enough. Hardly a day went by after I introduced a James Veitch video that I wasn’t asked if we could watch more. And I was really amazed at how many students told stories of their parents or grandparents falling victim to a scammer. I’m fairly confident that my students will not fall for easy scams down the road, at any rate.

Likewise, I’ve given increasing attention to copyright. When I first introduced this into the curriculum, I thought I’d just get through it quickly, because the kids needed to be aware. But we’ve had such great discussions about it that I’ve been devoting a lot more time to the issue.

I have started introducing coding into my class. I give it a couple weeks near the end, and I do get some more time in the winter to code with them. Every year I’ve done this, I’ve added a bit more structure to it, and every year I get better results. I’m still looking for the winning formula, though, to balance having everyone on the same page and making sure everyone is challenged. I’ve started mostly on Code.org’s Express course, with advanced students doing Scratch. And each year I’ve had a couple students move on to Khan Academy’s JavaScript unit.

So here’s what I’m covering as it stands.

Boot Camp
Classroom proceedures, documents, printing, logging in, good passwords, search, basic troubleshooting
Digital Citizenship
Dangers online, creating a positive digital footprint, scams, being a good citizen
Hardware
History of computing, parts of a computer
Networking
How computers communicate, how the Internet works
Data
Binary numbers, encoding text and images, copyright, cryptography
Programming and Computational Thinking
Using Code.org, Scratch, Khan Academy
Other common topics
Presentation software, 3D design, “hacking”

My latest 3D-printed helmet

This was not my finest work, but after 200 hours of printing and at least 40 hours of finishing work, I thought I should put it up here. The kids have been enjoying it, and asking lots of questions, so I’m calling it a success. IMG_0070.JPGIMG_0069 (2).JPGIMG_0061.JPGIMG_0057.JPGIMG_0016.JPGIMG_0008.JPGIMG_0003.JPG

An update to my never-ending quest for cheap Chromebook storage

I don’t think I’ve posted my two current Chromebook storage schemes. Both have been in use for a while without significant problems. Both are really cheap. One uses an Ikea bookshelf with 3D-printed holders and wood separators that I made myself. The other uses file holders I got from Office Depot and a cheap plastic box.

IMG_0073.JPG

 

IMG_0072.JPG

Surface Laptop

I had very high hopes for the new surface laptop when I first saw it. It’s a great looking machine, meant to fit into the education market by competing with the Macbook. The display looks wonderful, and it will work with a pen (although that’s not included. I really like the Surface 4, and thought this might be a less costly alternative. Unfortunately, I think Microsoft really missed the mark. First, the price ensures that this ONLY competes with the MacBook. Microsoft is completely missing the low-end (and the middle!) of the market. Half the laptops in schools are now Chromebooks, and most educators seem to be really happy with them. This is only an inexpensive education computer if comparing it to previous Surface models!

But I think they are also missing the high-end market. This laptop is using a stripped-down version of Windows, which won’t appeal to power users. It also doesn’t have terribly impressive specs in the base model. It doesn’t have a discrete graphics processor. It lacks USB-C and thunderbolt ports. It ships with 4 GB RAM. This makes the machine less useful for video editing or heavy use. In other words, less useful for anything that a Chromebook can’t handle.

All this is unfortunate, because at first glace, this looked like a machine I really wanted to own!

Ars Technica First Look at the Surface Laptop

What I learned from my first CTF

My older son is a hacker. He’s going off to school to learn to be a better hacker. And the way hackers compete for fun, apparently, is a game called Capture the Flag. Two weeks ago, my hacker started a new CTF. It looked so fun, I decided to give it a shot as well.

The game I joined was picoCTF. It works like this: you create an account (usually with a pseudonym) and solve challenges for points. Each challenge results in a “flag,” which you can enter into the website. The flags are often strings of numbers and characters, and they may be found in any number of ways and require a multitude of tools and skills. Here is the one that got me hooked:

You’ve found a mystery machine with a sticky note attached to it! Oh, there’s also this picture of the machine you found.

While I’ve talked about Enigma to my classes, I’d never actually used it before. And a lot of the challenges were like that for me. I knew about SQL injections, where a poorly coded website can be made to execute foreign code through an input box like login name. Now, I have actually done it.

Most of the questions took me between ten minutes and 10 hours of research to solve. One particularly frustrating problem I finally managed dealt with decrypting an RSA-CRT code. I had to write a program in Python (in which I am not proficient) to solve it, using math I have never used before. While I’d heard of RSA and knew generally what it was used for, I had never bothered to look into the details. Now I know a lot more about both RSA and Python, including the difference between using exponents in the form x**y, which may take hours to computer, and using the pow() function, which may take seconds.

And this is the real value of the CTF to me. I have learned a lot of things that are good to know, such as the basics of assembly language or steganography. And I’ve learned to use some really neat tools, such as hex editors and debuggers. And I really got familiar with command-line tools such as nc and pico. And, aside from some help from my son, I learned all this on my own at the prompting of the contest. All for points which can’t be exchanged for anything but pride.

I highly recommend giving picoCTF a try. Even if you only solve a couple challenges, you are sure to learn something. I will definitely be taking some of these ideas into my classroom!

 

 

ExploreEDU at Google

I had the opportunity to attend ExploreEDU today, at Google Atlanta. I want our schools to look like this! The space is exciting, and filled with conveniences. It’s inspiring just to hang out here. 

Breakout challenge

breakout-2

I made my 6th graders a second breakout challenge, after they kept clamoring for one. It was slightly too long for the 45 minutes they had, and did require some collaboration  between groups. I had two groups out of 8 finish, both a few minutes after the 45 minutes. A number of other groups were close behind. The students said afterward that they had fun and that it wasn’t too difficult, but I would either use more time or a couple slightly easier puzzles next time.

Design:

Students given Black Ammo Box, Clue Sheet, and lockpicks

Black Ammo Box with lockout hasp, 3 locks
Lock 1- pickable clear padlock
Lock 2 – directional lock, clue #2, combo is Up – Left – Up – Right
Lock 3 – clue #1 Hex decodes to “How you get wifi + the ultimate answer” combo=WAP42

Inside box – Final Challenge sheet (taped in place to avoid box tampering)
Has website and quiz with clues to key (Key is TURING)

Website – “The clue is below:”
Clue is white text on white background, encrypted with Vigenere, key is given by quiz
Clue: PBFEN YVUCT RJMBV NNZAY IWSOG ZFZZG MCFVG KVBEW YUZSK MYRMB FU
Clue decodes to: Who was called the Father of Information Technology Tell Thom
Answer is Claude Shannon

Challenge skills:
Lockpicking
Google search
Recognize hexadecimal numbers and decode to ASCII
Search hidden text on a website
Decrypt Vigenere cipher
Remember important CS facts
Find an IP address

Clue Sheet

#1.
48 6f 77 20 79 6f 75 20 67 65 74 20 77
69 66 69 20 2b 20 74 68 65 20 75 6c 74
69 6d 61 74 65 20 61 6e 73 77 65 72

#2
Frogger! The Frogger Musical

#3
Directional lock directions:
push hasp in twice to clear BEFORE putting in combination
Combination is four movements

Final Challenge

The final challenge is at https://sites.google.com/cliffvalley.org/finalpuzzle/home

You’ll need a key, though. Use the clues below to find it.

Which of the following is an input device?
Hard Drive E
Monitor S
Speakers K
Microphone T

What part of a computer processes information?
RAM T
WAP E
CPU U
SSD A

What are the first three digits of your computer’s IP address?
255 S
168 W
192 R
120 E

Which type of memory is the fastest?
RAM R
Hard Drive D
Cache I
Flash Drive S

What is measured in GHz?
CPU speed N
Amount of memory C
IP Address D
Hard Drive F

What decimal number is represented in binary as 10011?
19 G
18 B
21 T
35 S

Malware email

Malware is malicious software that can infect your computer and affect its behavior. Malware includes viruses, worms, trojan horses, spyware, adware, ransomware, and more. These are classified by the method they infect a system or by what they do afterward. For example, viruses infect when you open an infected file. Worms do not require any user action to spread – they spread automatically to unprotected computers. Malware can be a serious problem, but it is usually fairly easy to protect against these days.

There are just a couple things to do to stay safe from malware. The most critical step is keeping your operating system up to date. Go to Windows Updates or System Updates on Windows or Macs, and turn on automatic updating. The second thing is to be extra vigilant when opening emails. That’s really it! That will protect you 95% of the time from the really harmful stuff.

That said, there are two types of malware you should be familiar with.

The most frequent malware I see recently is adware. This is often an extension installed in an internet browser, with a name suggesting that it allows people to work with PDFs, for example. When installed, the extension hijacks the browser to serve up ad sites, and may install other extensions as well. This type of malware is usually just an annoyance, but could also cause serious problems. Fortunately, removing it is usually as simple as deleting the extension in the internet browser settings.

A more dangerous type of malware is known as ransomware. When ransomware infects a computer, it encrypts the user’s files. It then demands a payment for the key to decrypt them. Ransomware has been on the rise recently, and has made tens of millions of dollars from businesses, hospitals, and schools. Because it has been so lucrative, ransomware attacks are expected to increase. If you are infected with ransomware, you should contact a professional immediately.

As with most security, the first line of defense is you. Take care when opening email attachments or clicking suspicious links.

Steps to take:

  • Make sure your operating system and software is up-to-date.
  • Be careful opening files from an unknown source, including email, even if it LOOKS like it’s known
  • Keep your anti-virus software updated.
  • Make sure your system is backed up regularly.

Internet of things email

The “Internet of Things”, or IoT, is the name given to the barrage of consumer devices recently released that connect to the internet. These include security cameras, baby monitors, DVRs, thermostats, light bulbs, refrigerators, and all kinds of devices that somehow we can’t live without anymore. We tend to think of them as devices with a computer attached. These devices can be a huge security problem, though, and it is more accurate to think of them as a computer with a device attached. These devices sit behind your home network’s defenses and interact with all of your other devices in what should be a safe area. They are designed as consumer devices, and there is just not much of a concern for their security. Most users never change their default passwords or update their programming, and many of these devices have backdoors that their owners have no control over. This makes them a rich target for hackers, who can take control of them and use them to attack other targets.

There are a number of steps you can take to protect your home network and limit your exposure to security risks. The first step is to secure your router, which I discussed in the last letter. That will secure your perimeter. Next you need to look at all of the devices that can punch holes through it.

You should take an inventory of all of the network-connected devices in your home. You will very likely be surprised at how many there are. They include all your computers, smart phones, tablets, and smart watches. Cable boxes, DVRs, and gaming consoles all connect, as do security systems and cameras. If you have Amazon’s Dash buttons or Echo, they go on the list. Smart thermostats, lighting systems, and networked speakers do as well. Most likely, you will need to include your printers. And there are a whole lot of new connected devices you probably don’t have yet: door locks, smoke detectors, washers and dryers. Pretty soon, everything will be connected.

The second step is to change the default passwords on each device and update its firmware. This may seem like a daunting task, but if you’ve started using a password manager (hint!) it will go a lot quicker. You can find directions on changing the passwords on the manufacturers’ websites. Updating firmware is only a little bit more tricky. Firmware is the built-in programming on a device, and will usually be updated periodically by the manufacturer. Unfortunately, the manufacturer usually leaves it to the consumer to check on available updates and install them. Consequently, it seldom happens. This is one of the most important steps you can take for securing these consumer devices, however, so set aside some time to do it!