by Lynn Robert Carter, Ph.D.
Apple’s Swift Playgrounds, an iPad app aimed at teaching young programmers the basics of Swift programming, looks very impressive and is due out this fall. I’m excited to explore this latest addition in a long line of similar efforts that began in 1981 with Stanford’s Richard E. Pattis’ Karel and includes Alice, which moved from University of Virginia to Carnegie Mellon University in 1997 with Randy Pausch. I’m looking forward to seeing how this app works and its potential for supporting the kind of courses I want to provide.
I’m a big fan of learning-by-doing courses with a focus on helping learners actually do things they perceive as making sense and being useful in their careers. Unfortunately, many courses are primarily taught through theories and concepts with little opportunity for students to apply them on projects of any real substance or relevance. This is an approach only researchers and academics can appreciate.
Lloyd J. Reynolds, highly respected Reed College academic, spoke about needing to go beyond “empty concepts” to relationships with meaningful things that give weight to those concepts. Far too many people graduate with what most academics would call “a good education” and yet – to paraphrase Reynolds – if the concepts were boxes, beautiful boxes, which graduates can take out and arrange in impressively logical patterns, then the boxes they have would all be empty. We academics have provided foundations, theories, and concepts, but how many of us have provided graduates with the real-world, job-ready skills required to add weight to those boxes.
Teaching young people about programming is important. But we must be careful in helping them avoid developing bad habits and facilitate establishing good habits while they simultaneously have fun with learning. One bad habit we continue to allow young programmers to develop is writing code that can be easily hacked. The buffer overflow exploit remains a major vulnerability, according to SANS. It was first described in 1972 and had its first documented use in 1988. Buffer overflow has been on top of most vulnerability lists for programmers since such lists were created.
Why is the buffer overflow exploit still a problem since it isn’t hard to understand or avoid? It remains because we don’t broadly teach young students about this specific issue or safe coding practices in general. MIT doesn’t do it. Stanford doesn’t do it. CMU doesn’t do it. Almost all of the rest of the schools in the world – directly or indirectly – blindly follow those leaders. We are more focused on learners having fun and becoming interested in STEM in general or programming more specifically. As a result, millions of people each year enter the world’s workforce with some degree of programming expertise, yet most do not know the most common programming defects that lead to security flaws or quality problems, or how to avoid them. Teaching people to do things right and safe from the beginning is much easier than trying to correct years of ignorance and bad practices, yet the change to this way of thinking is slow to be implemented into curricula.
Change is also slow in the workplace. Most employers do not teach safe software development methods to their employees during orientation. Companies that do must devote costly resources to training new employees to unlearn years of bad practices before they can expect the new hires to learn to write safe code and make a valuable contribution to the organization.
I hope Apple, with all of its brand loyalty and popularity, might step up with Swift to address security and quality issues the way Apple CEO Tim Cook did with security on the iPhone. In addition to being a core programming language, Swift – like Alice – employs a system to help address common basic programming errors. Time will tell if advancements in Swift Playgrounds will migrate to the professional developer toolkit and, if they do, have a real impact on the quality and security issues that are so desperately needed.
I am explicitly adding the concepts of security and quality to all of the courses and programs I create and over which I have influence. I agree with professors Pattis and Pausch that learning to program should be fun. I also agree with professor Reynolds that courses need to go beyond empty concepts. Along with the beautiful theories and concepts, my courses will add weight via connections to the real challenges society demands our systems must solve, and the practice and the skills real-world professionals must possess.
Photo by Lynn Robert Carter.