CS 341: Automata Theory (Rich)

The topics for this course were a succession of finite state machines, pushdown automata, turing machines, and a bit of complexity theory. Some of the homework assignments take many hours to finish, but unfortunately they’re necessary to really understand the material. Rich lets you work in groups for the homeworks, which is useful because it’s easy to just stare at a problem for an hour without any ideas as to how to proceed. Just make sure that after you gain a better understanding you’re also able to work things out on your own. As long as you can do that, the tests should be alright.

CS 345: Programming Languages (Cannata)

Unfortunately, this is a required course. That’s about as much as I can say for it.

CS 378: Network Security and Privacy (Shmatikov)

Last year I was disappointed when this class was cancelled, but after taking it this year I’m really glad I got that extra year experience. Shmatikov expects you to know some C and Javascript going in, as they’re required for the projects and parts of the lectures won’t really make sense if you don’t already know the basics. There is a lot of material covered quickly in this class, so be prepared to do a bit of extra reading to get a full understanding. Overall, though, it was a great class and was probably one of the classes that I’ve gotten the most out of.

CS 361: Introduction to Operating Systems (Dahlin)

If you love spending long nights coding in the basement labs, you’ll love this class. The focus is mainly on multi-threading. Dahlin was in the middle of writing a textbook for the class, so we only had the first two or three chapters. Since we went over the same material in lectures, though, it wasn’t much of a loss. We were also an experimental class in that we had projects in C, C++, and Java just to see how it would work it. I really enjoyed it, because it’s a way of getting different perspectives at what are sometimes similar problems. Just make sure to do the homeworks also, no matter how little credit they may be, because that’s the best way to prepare for exams.

When I started as a proctor, I didn’t expect this problem. Upload scripts from previous semesters had been passed down and looked promising… but failed.

A quick look over the script was enough to identify the problem. The web addresses in the script were http:// when what I really needed to use was https://. The obvious solution was to update the addresses in the script, which of course still failed.

My next idea was to use replace the whole curl part of the script and instead use wget. However, wget doesn’t support multipart form data so that was another dead end.

At this point, I figured I was stuck using the browser, but maybe a Greasemonkey script would be able to perform bulk uploads. After all, it’s just adding extra forms to a page and submitting them. But no, modern browsers don’t let you auto-fill the path of file input in forms, which in retrospect makes complete sense.

So I was stuck with curl, which I was already able to use to set cookies or to fetch a page or text file. However, downloading zip files also wasn’t working. Time to look up the curl man page and just try anything:

• Added -i to also include the headers for extra feedback
• Added -referer, although no one in their right mind would rely on the referrer given
• Added -A to specify Firefox as user agent, also dubious
• Used -H 'Accept-Encoding: gzip,deflate' to attempt zip downloads
• Changed the keep-alive settings

Nothing helped.

I switched between using the -d and -F flags to specify the content type, but only got Error - bad file data and 403 Forbidden respectively. One of these must at least be a step in the right direction, but which was it?

Finally, I figured out how to use --trace-ascii dump.txt to see exactly what was going on but didn’t know what to look for until downloading an HTTP analyzer for Firefox and using that for comparison. At last things finally started making some sense. As noted in a blog post from Ian Dennis Miller, an Expect: 100-continue header was also in the trace.

I added -H 'Expect:' to the command and it finally happened. I uploaded a comment file remotely. Halfway through the semester and finally some down time to get things working. Damn, I love Spring Break.

• when we’re working with unfamiliar code, we can split up and then guide each other through the parts we know
• hearing/seeing other people’s thoughts keeps my mind fresh with new ideas
• I’m not so tempted to be checking my email or playing Mines
• at least someone knows how to get C/C++ code to compile

However, pair programming does come with its challenges. For college computer science courses, one of the biggest is finding a time you can work together, but the challenge I’m most interested in is agreeing on an editor to use together. Sometimes it’s simple. For Network Security and Privacy, there was barely any coding involved so my partner and I managed to do the whole thing with gedit. (Well, okay, I did type up one short script in vim). In Software Design last year, we were learning how to use tools with NetBeans, so there wasn’t even a choice there.

In Operating Systems, though, my partner and I need an editor that’s more sophisticated. Okay, there are plenty of those, no problem, right? But the fact of the matter is that he’s an Emacs afficionado and I’m vim all the way. I prefer simple keystrokes to Meta-combos, and he just doesn’t grok command mode.

I’ll admit it. Honestly, the Esc key often seems kind of far away, and after years of use I’ve only recently started getting the hang of visual mode. (In retrospect, I have no idea why it took me so long.) But he’ll open up Emacs with our project, I’ll have a burst of inspiration, grab the keyboard, and at the end type in :w. Ugh! Other times I’ll open up vim and then he has a burst of inspiration but causes crazy stuff to happen because I wasn’t in insert mode.

By now I think he does know how to get into insert mode and I’ve at least learned how to save in Emacs, but it’s obvious that one editor isn’t going to work for the two of us. We needed a new plan…

So screw the former pair programming paradigm! We now sit happily side-by-side with two different monitors, two different machines, two different keyboards. He keeps Emacs open, and I’ve got my vim. Whoever’s driving at the time gets to use their preferred editor and then check in the code once there are any changes or we want to switch off. And whenever we’re absolutely stuck on something, we both get to fiddle around with the code individually until one of us finds something that looks like progress.

It’s kind of weird, though. The last time we were working on a project together, I was using DVORAK and having to switch back to QWERTY regularly to pair program. If we managed to agree on an editor, I’m sure we’d find something else crazy to disagree on. Then again, anything’s better than fuv.

CS 337: Theory in Programming Practice (Misra)

From the name of the class, I thought this would be a theory class, but it’s really more just a set of programming exercises to give you a little more practice before you take on the more advanced computer science courses. Of course, there are some proofs thrown in as well, but it’s not much more advanced than what you learn in CS 336 (as long as you remember it). If you take Misra and aren’t paying attention in class, prepare to be called on. Otherwise, just make sure you set aside enough time for the programming projects. They often appear easier than they really are.

CS 347: Database Management (Miranker)

I thought this would be my best class last semester. Since I took Software Design and simulated the Gamma join architecture as one of our projects, I’ve found databases interesting. Unfortunately, this class just glossed over the areas that I found interesting. The course was also very disorganized (once we had just two lectures between exams and the homeworks were over-vague), which made it difficult to learn anything in much depth. Other students who had no previous experience with databases say they got a lot out of it, but if you already know a bit then doing some reading or taking an online course may be more useful.

CS 344M: Autonomous Multiagent Systems (Stone)

Going into a research class for a topic you have no interest in is never a good idea, but I can see how almost anybody else would have loved it. We worked in pairs to create new or improve on existing teams for the Robocup soccer simulator and had a tournament at the end of the class. By starting from a complex team (though not improving much on it), my team won the 2D tournament. We also discussed automated traffic controls, chatbots, bidding agents, and other applications of autonomous agents. If you’re not familiar with C, getting started may be a bit difficult. This is the only computer science course so far in which I made a B, but it was worth it overall.

CS 361: Introduction to Computer Security (Young)

This is probably one of the easier upper-division CS courses. There wasn’t any required textbook, which was nice. The lectures were usually pretty straightforward and just a little bit interactive. Other than the occassional stories about security blunders, it could get a little boring, but what really made the class worthwhile was the projects. We learned how to crack UNIX passowrds, implement AES, simulate covert channels, and more. I’d recommend this class to pretty much anyone.

Multilevel security (MLS) presents a set of users and a set of objects to be accessed. Both the users and objects are classified hierarchically with a security level as well as need-to-know categories. For example, you may have an “Unclassified” user trying to read a “Classified” object or a “Classified Crypto” user trying to write a “Classified Nuclear” object.

The Bell-La Padula model defines a way for deciding whether to grant access in each of these cases. This model uses a formula to define whether a certain level combined with a category dominates some other level combined with a category. We’ll define “Classified” as a higher level than “Unclassified”, so in the first example “Classified” (with no category) dominates “Unclassified” (with no category). I’ll ignore categories here for simplification, but in reality for one classification to dominate another, both its level and category set must dominate the other.

Having this domination function defined, we can describe the two main properties in the Bell-La Padula model:

• The Simple Security Property – A user can only read an object if the classification of the user dominates that of the object. (Also known as “read down” or “no read up”.)
• The *-Property – A user can only write to an object if the classification of the object dominates that of the user. (Also known as “write up” or “no write down”.)

The reasoning behind the Simple Security Property is pretty straight-forward. If you’re concerned about confidentiality, you definitely don’t want people to read anything that they don’t have to. It’s the second property that raises some eyebrows. Why should a user be able to overwrite something that they can’t even read? Doesn’t this create huge issues with integrity?

The answer is simply that BLP doesn’t concern itself with integrity. But when you look at the property solely from the concept of confidentiality, the idea becomes a bit more clear. A user at a certain level knows information that users at lower levels don’t, so he shouldn’t be able to write anything to those other levels. However, users at a higher level already know that information so in that sense it’s okay to write to a higher level. You don’t have to worry that someone will see something they shouldn’t know about.

Another question in this model is how can someone give an order to their subordinate at a lower level? Here BLP adds the concept of trusted users. These are a special type of users who are proven trustworthy and who have the ability to write to lower levels. To me this seems like a cheap way of adding in functionality that should be provided by the basic system. “How do you make sure someone is trustworthy?” seems like as much of a complex question as “how do you make sure information isn’t written where it shouldn’t be?” Perhaps the reason for considering the first is that it’s easier to just have a person decide the second.

Overall, it’s interesting to find that the Bell-La Padula model has retained such influence despite its inherent shortcomings. As we continue in my Computer Security course, I look forward to seeing how more modern models compare and how they’ve solved the integrity problem.

CS 336: Analysis of Algorithms (Myers)

This class focuses on formal proofs of algorithm correctness, including topics such as weakest preconditions, developing invariants, induction, and probability. Even for a computer science course, it’s very math-intensive. One of my favorite things about this class, though, was having a support group available. There are some classes where you’re supposed to figure out everything on your own and not discuss the homeworks at all, while here we were encouraged to attend ACM’s weekly theory reviews or our own groups to meet up and work on the homeworks. For a class where the students have such varying backgrounds (everyone teaches 313k differently), it’s really necessary. I may not have been able to get a firm grip on recurrence relations without it.

CS 352: Computer Systems Architectures (McKinley)

This was McKinley’s first time teaching CS 352, and unfortunately it was at times very obvious. Reading the textbook was helpful, but the exercises often used terminology not in the rest of the book and were very confusing. The midterms were also insanely difficult. I’d go in thinking I had a good understanding of the material but then leave completely stunned. (Being able to keep the graded midterms would have been nice.) But for the final at least, I had almost a whole week to study. I read the book, worked out extra exercises, summarized the class notes, checked Wikipedia for clarifications, and everything came together. Sure, there were a couple of small things that I couldn’t remember ever going over, but in an hour and a half I was done and ended up with a 90.5–the highest grade on the final for any student. If you want to do well in this class, you need to have a lot of time to devote to it.

CS 378: Software Design (Batory)

This has been probably my favorite computer science course. We learned how to reason about programs using UML and studied refactorings, design patterns, and architectural patterns. For even common design patterns like hooks, I had never understood before exactly what they were. My favorite part, though, was learning about parallel architectures and having the opportunity to simulate everything from a basic join up to the parallelized Gamma join architecture. It’s a difficult class, but Batory’s generally an entertaining lecturer and I would recommend it to any computer science student.

Anyhow, some closing thoughts on the classes that have encompassed me for the past few months:

CS 315: Algorithms and Data Structures (Novak)

Novak’s CS 315 site is one of the best in the department–if for nothing else than having an excellent vocabulary list and so many ways to browse the class notes. Novak wasn’t the most exciting lecturer, but he always made sure we understood what was going on. If I could change one thing about this class, though, I’d like to look at implementations a bit more. He’d tell us that the code already existed, and his focus was on making programming faster and easier for others, but for now I still want to see things very in depth.

CS 310: Computer Organization and Programming (Boral)

In this course, we got to learn the fundamentals. We implemented our own stack and heap using LC-3 and learned how to write machine code. There’s much to be learned from this, but I think the main thing is to cherish the high-level languages we get to use (I still think it’s funny to call C “high-level” though) and to optimize how we use them without having to constantly focus on the small details. Boral was usually an entertaining lecturer, and if it wasn’t for the unpredictability of his tests I’d love to take another course with him.

CS 313K: Logic, Sets, and Functions (Lifschitz)

I took this class ten years ago as Philosophy 313K, so I expected this to be mostly a refresher course, and as such much of it was quite boring. However, I couldn’t miss any lectures because the exams would have questions about topics that weren’t in any of our notes or assignments. The course was mainly focused on mathematical functions and sequences, and I was a bit disappointed that logical quantifiers and connectives weren’t really covered. At least it was a (mostly) easy A for me.

EE 316: Digital Logic Design (Touba)

Between readings, homeworks, and labs, EE 316 is probably the most time-intensive course I’ve taken so far. (The required lab section doesn’t count for any credit hours.) Much of the material looks easy in retrospect, but the pace is so quick that you’re sure to get behind at some point along the way and have a lot of trouble catching up. The verbosity of VHDL is quite irritating, but learning all the tricks with Karnaugh maps was fun and state diagrams seem almost natural now.

M 328K: Introduction to Number Theory (Caputo)

Ah, my last ever pure math course. For being a rather easy course, though, it really made me miss Differential Equations. I mentioned this earlier, and now I’m sure that Moore method isn’t my strong point. I love to research things just to get new ideas even and felt pretty stifled in this class. It looks like what I did learn won’t go to waste, though. I’ve been looking over the supplementary textbook for CS 336 (next semester), and many of the theorems and algorithms I’ve learned are in there.

(Note: I’m still waiting for my official grades to come out, but as I’ve calculated it: for the semester I have A’s in CS 310, CS 313k, and M 328k, and B’s in CS 315 and EE 316.
Update: I got an A in CS 315 and an A- in EE 316. Whoo!)

This is a way of teaching known as the Moore method. Instead of the standard lectures, this method allows students to experiment in a way by doing proofs and seeing how what we already know applies to new situations. We all progress at the same rate by presenting what we’ve learned in class and discussing what we did differently or anything that still doesn’t make sense.

Though this method is also used in our logic course, most computer science classes follow the standard lecture and lab format. Professor Gordon Novak told us, “CS is an experimental science,” but by this he didn’t mean that we discover new data structures just by trying to solve a problem and seeing that that would be the best possible solution. Instead with some exceptions, we learn most of the time we don’t need to reinvent the wheel. The focus is on learning about many different data structures, gaining experience using them, and figuring out how to decide which is the best solution to any particular problem.

Of course, the concept of number theory is completely different than most of what we encounter in computer science. The method of proving the theorem (which may be as close to programming as math gets) isn’t so important as the fact that you can prove it and really understand why something’s true. It’s still kind of a shock being in a Moore method class, but it’s only been two weeks, so I still have most of a semester left to see if this works for me.

Afterwards, he talked quite a bit about his main project as chair–which is to get a new building for our Computer Science department. Right now our faculty is spread across 6 different buildings, not all close to each other, and having everyone together would be great for sharing ideas, working on research, and just building a community. I frequently hang out in the basement where the ACM and WICS offices are, but it’s not convenient for most other people to just come by, and yes, it does smell a little funny. Unfortunately, the date for starting the new building still isn’t set, and it would take four years or so to complete, so it definitely won’t be up while I’m still here. I’m still not completely sure it’s necessary to take on that cost of not having a central hub for that amount of time, but the ideas Moore presented of our new building sure did sound lovely.

Another interesting idea he had was to have senior faculty teach the lower-level classes, while the newer faculty who are doing more research would be teaching the upper level classes. Personally, I think that’s a great idea since there’s nothing that turns more students off of certain classes than not having a teacher who really has teaching experience. I agree with this completely, as well as his idea to have larger class sizes using tools such as iClicker for extra interaction. My one concern with his ideas here was that of reducing reliance on lecturers. It really makes sense financially since the funds for lecturers fluctuate every year, but Mike Scott has been doing a great job of teaching CS 307 for about a decade now, and I don’t know if anyone else could fill that role so well.

Anyhow, Moore is teaching CS 313k occassionally and I don’t have him next semester, so I may never get to see how he is as a professor, but it certainly was enjoyable to have our group sit down to lunch with him and learn a bit more about what’s going on with the department.