Warning This class is being recorded (and transcribed), provided Sam remembered to hit the “Record” button.
Approximate overview
Academic
Cultural
Peer
Wellness
Misc
Please put these in your notes!
Either straightforward or complicated, I’m not sure which. Maybe both.
Will you give a makeup quiz on X?
Perhaps. Once I see where everyone stands on LAs, I’ll try to focus on the ones that have the most missing (plus the ones that are better to do on paper).
What work do we have left this semester?
MP7 is your last mini-project.
Next week, you’ll get a multi-week open-ended group project. That project includes a presentation at the end (Monday of week 14).
SoLA 3 will be week 14.
SoLA 4 will be finals week. (Distributed Tuesday morning due Friday at 5pm.)
Regular quizzes, readings, etc.
What will our ethics LA look like?
An updated version of today’s reading responses.
How does the group project count in our grade?
It’s just another project. You have seven mini-projects and eight projects.
When will Sam post the redo for mini-project 5?
This afternoon, if he remembers. TM him.
What was I supposed to take from the data abstraction reading/lab?
It is generally important to distinguish what we do with data from how the data are represented. (You could uses lists before we learned pairs, you can use numbers even though you don’t know how the numbers are represented.)
Ideally, the what is dictated by the procedures you provide to manipulate the data structure.
When we design our own “data structures”, we should think about what people might want to do with our data and design appropriate procedures. Clients of our structures should access them through the procedures and not through the underlying implementation.
Data abstraction, like procedural abstraction and decomposition, is a key aspect of computational thinking.
More practically speaking, if I say “We want to store this kind of data”, you should be able to make decisions about what procedures are appropriate, how to represent the data as a hash/vector/list, and implement the procedures.
https://www.acm.org/code-of-ethics
Let’s read them aloud.
A TPS activity.
Modified from https://ethics.acm.org/code-of-ethics/using-the-code/case-dark-ux-patterns/. (Please don’t look there for analysis.)
The change request Stewart received was simple enough: replace the web site’s rounded rectangle buttons with arrows and adjust the color palette to one that mixes red and green text. But when Stewart looked at the prototype, he found it confusing. The left arrow suggested that the web site would go back to a previous page or cancel some action; instead, this arrow replaced the button for accepting the company’s default product. The right arrow, on the other hand, upgraded the user to the more expensive category; it also silently added a protection warranty without asking for confirmation. Stewart suggested to his manager that this confusing design would probably trick users into more expensive options that they didn’t want. The response was that these were the changes requested by the client.
Shortly after the updates were released into their production system, Stewart’s team was invited to a celebration. As a result of these changes, revenues at their client had increased significantly over the previous quarter. At the celebration, Stewart overheard some of the client’s managers discussing the small increase for refunds by users who claimed that they didn’t want the protection plan, but there weren’t many. One manager noted several complaints from visually impaired users, who noted that the mixture of red and green text obscured important disclaimers about the product. “So what you’re saying, then, is that the changes worked as planned,” quipped one of the managers.
TPS: What should Stewart do (or have done)?
Modified from https://ethics.acm.org/code-of-ethics/using-the-code/case-malware-disruption/. Please don’t read the analysis.
Rogue Services advertised its web hosting services as “cheap, guaranteed uptime, no matter what.” While some of Rogue’s clients were independent web-based retailers, the majority were focused on malware and spam. Several botnets used Rogue’s reliability guarantees to protect their command-and-control servers from take-down attempts. Spam and other fraudulent services leveraged Rogue for continuous delivery. Corrupted advertisements often linked to code hosted on Rogue to exploit browser vulnerabilities to infect machines with ransomware.
Despite repeated requests from major ISPs and international organizations, Rogue refused to intervene with these services, citing their “no matter what” pledge to their customers. Furthermore, international pressure from other governments failed to induce national-level intervention, as Rogue was based in a country whose laws did not adequately proscribe such hosting activities.
Ultimately, Rogue was forcibly taken offline through a coordinated effort from multiple security vendors working with several government organizations. This effort consisted of a targeted worm that spread through Rogue’s network. This denial-of-service attack successfully took Rogue’s machines offline, destroying much of the data stored with the ISP in the process. All of Rogue’s clients were affected. No other ISPs reported any impact from the worm, as it included mechanisms to limit its spread. As a result of this action, spam and botnet traffic immediately dropped significantly. In addition, new infections of several forms of ransomware ceased.
TPS: Was the response appropriate? Ethical? What principles would permit the security vendors and government organizations to write such software. Which might suggest that they behaved unethically?