William Rust (wjr@ksu.edu)
Mon, 13 Sep 1999 13:41:43 -0500 (CDT)
Date: Mon, 13 Sep 1999 13:41:43 -0500 (CDT) From: William Rust <wjr@ksu.edu> Subject: Re: IFETS-DISCUSS Digest - 12 Sep 1999 to 13 Sep 1999
List address to send message to everyone: ifets-discuss@LISTSERV.READADP.COM
Details of current discussion: http://grouper.ieee.org/ltsc/ifets/discussions/discuss.html
---------------------------------------------------------------------------
I have a real problem with teaching C++ in high school. The problem
is the power of that language. We don't allow high school students
unsupervised access to power tools in shop classes. Yet, that is
exactly what happens with programming.
My background is in engineering, with an emphasis on infrastructure
issues. Infrastructure attacks are a very serious problem.
Traditionally, there has been a priesthood of engineers that have
served to protect our infrastructure. This is true for roads,
electric power distribution, food distribution and computer networks.
Again traditionally, most of the protection for our infrastructure
has come through obscurity. That is, the way infrastructure is used
is pretty simple, but only members of the priesthood have known the
details. (One company that I worked for protected its computers by
simply restricting access to documentation. I could easily have
destroyed, perhaps irretrievable, a day's or a week's accounting
data simply by changing one word on one punch card.)
With the introduction of C++ into the high school, we are now putting
very powerful tools into the hands of children who have not been
properly indoctrinated into the community of practice. This is very
bad and very dangerous. We are crossing the line between "school
world" and "real world" without proper consideration. And we will
pay for this error.
How much of a chicken little am I being? Well, I can write a program
in C++ that is less than 1000 lines that will capture every packet on
my subnet. It requires getting and installing a Packet Driver VxD,
something that's freely available on a number of sites. Then, using
RFCs, I become selective and find passwords originating on my subnet.
If my subnet is configured like many schools, i.e. one giant subnet,
then I can get anything in my school or district. Then I can start
spoofing SMTP to send bogus mail messages. Or, I can start taking
down parts of the net using SNMP. Or screw around with the file system
using SMBs. The protocols I have mentioned all use plain text and
are described in freely available documents. Once a kid understands
that all of this stuff is really simple, the S in these protocol
names normally means "simple", the kid has the ability to do real
damage. If a bright kid decides that cracking the net is neat thing
to do, a school is naked.
Again, the socialization process of becoming an engineer, the classes,
the comraderie, the geekiness, all work to protect society. Now then,
if you want to use programming to develop thinking skills, that's great.
Just don't use a language like C++. It's too dangerous.
wjr (SB Civ Eng, MIT 1979, MA Educ, Tufts 1994, PhD Ed Tech, KSU, sooner
or later)
---------------------------------------------------------
Forum website: http://ifets.gmd.de/
Forum's contact person: kinshuk@ieee.org
Info on Join/Leave List: http://ifets.gmd.de/maillist.html
---------------------------------------------------------
This archive was generated by hypermail 2.0b3 on Mon 13 Sep 1999 - 23:00:19 MEST