What contributed most to my learning was outside research I did on computer security. I feel like this class focused too much on theory, and not enough on practice. After learning alot in my free time about how pen testers do their work, like an actual attacker would, I gained a better understanding of why we take these security measures, and why one is better than the other. Learning old cryptographic methods was interesting, but I felt like it had no real effect on what i would be doing on the job, or in my own personal work.
Outside of class, I learned how people used things like metasploit, kali linux, and other tools to hack into systems. Where as in class, we learned the difference between different types of RSA. I understand why learning which type of RSA is better is important, but I feel like seeing and implementing for oneself why choosing one type of RSA is important, would be more beneficial to the student. I think if the course focused more on implementing little hacks, and then defending oneself from it in assignments throughout the course, would be much better than just implementing some libraries, and then feeling secure. Especially, if one were to apply for a job, its much better to say, "Hey this is secure, and let me show you why it is", rather than, "Hey this is secure, because my professor told me so".
Nothing interfered with my learning in this course. Though, if I may say, I felt like I was a very engaged student in the course, and it seemed that a lot of other students would like to learn more practice than thoery. I feel like a class should have the freedom to mold itself into the interesets of the student to some degree, and I feel like that is this class could have molded itself into something more of practice than theory, I would have learned a lot more.
In my opinion, I think you have great intentions with this class. I honestly have a lot of respect for you anti-test, and collaborative workflow of the classroom. If computer science education is going to prepare you for a job, I agree with these ideas greatly.
However, I feel like the way you are implementing these are not good.
-
The weekly quizes are great in my opinion. At first, I will admit, I kind of dreaded them, but after I realized that they really did keep information fresh in my mind, I think it was a great idea. Though, I do feel like some of the questions you asked were a bit obscure. I would suggest you ask questions that are broad, and are the main topic of your lectures. Such as, what makes textbook RSA bad? is a good question, however, asking things like, how is SSH implemented, is a bit difficult, as it is a process with specific steps.
-
The weekly notes review and lecture is flawed in my opinon. I think you did a great job with notes groups. Have a group partner for notes is a great idea. I would ask that you make the project group size, and lecture notes group size the same however. I feel like a few students dropped from being the third wheel in a lecture note group, and it makes it hard to communicate with another group member when you are taking different notes. But also, the lecture notes I feel is not working to reinforce concepts like the weekly quizzes. simpyl skimming over someone's notes does not reinforce any one's information. And to be dead honest, myself and a few other students in the class were just copy-pasting our responses from previous weeks and changing a few words. Also, no one wants to give a group a bad review, it's kind of like picking someone to die during a purge or something, it makes you feel bad as a person. Also, your deadlines for notes, Saturday, and Monday, make it so that one would HAVE to do work on the weekend. After having this difficult of a semester made me cherish every break I had to spend time with my girlfriend and family, and forcing people to work every weekend is a bit cruel in my opinion. In conclusion, I highly suggest keeping the lecture notes groups, but not the note review.
-
Let me start by saying, I have been a professional application developer for two years, and I am speaking from experience. The semester long project is a good idea. Though, the requirements you have for it are much too extreme. Most students work as they go to school, and I am sure you have noticed that by now. Asking students to treat this project as a whole job itself is too much for a person. I honestly was getting about 2 hours a sleep within the last 2 weeks of this semester for this project. And I started the project the day it was announced. Also, the final paper was not declared explicitly in any of the documentation for the class. A 13 page paper to be announced at the end of the semeseter randomly is not good for any student in any situation. Also, or a project this large, every day counts, moving up the deadline to a week before finals is not good either. And as I said before, this is an $8,000 project. That is ridiculous to be asking of students to do, as we get in huge debt for this degree, when we could have made more money without it. Also, enforcing these strict deadlines for something like this is a bit flawed in itself. In professional software developement, if you can not reach a deadline, you inform your manager, and they speak with the client to figure something out. Forcing people to work 12-14 days is inhumane, and employers lose their developers for things like this. You are encforcing bad workplace practices into your students with this project, as they will allow their employers to take advantage of them and think it is okay. Also, due to this unrealistic deadline of the project, code quality will severely drop. I remember you stated, "This is probably the best project you've done, and you can show employers!". In my opinon, that is a bad idea. Nearing the end of the project, I was just throwing whatever code I could at the prpject to get things working. Employers care more about code quality, than results. An employer would much rather higher the student with clean, well documented micro projects, that the student took their time on, than the large project where things break every once in a while, and the code looks horrendous. No CTO wants to inherit more technical debt from hiriing someone onto their team. Making the project unrealistically able to be done will show when a potential employer looks through the code of this open-source project. Next, I noticed a lot of students were very lost with this project. I know you assigned this proejct, under the assumption that a lot of students understood basic dev ops, project architecture, and web server maintenance. However, the truth is, a lot of these students do not understand this, and if they did already, why are they even taking your course? I've spoken with a lot of these students, and they were quite upset when they reached out to you for help with things like creating AWS accounts, managing domain names, and handling a VPS. Or even simple things like choosing the right framework for the job, or developing a simply button click function for their framework. They stated you were not that much help to them, and they had to learn most of this by themselves. In my opinion, if you plan on assigning a project, you need to also be prepared to teach and help with every bit of that project. In conclusion, I am sure you can tell by now, I think the project is flawed, and I definitely think that it is. I think you can fix these flaws, by more clearly definiing all sub assignments in this project in the syllabus or initial project document, making the project smaller, helping students with development outside of the cryptography, and considering the state of your students. If this does not sound like something you would like your class to become, may I re instate, I think a weekly "Hack", and the the next week defend against that hack, would be great idea. It gives students an alright amount of time to accomplish something, they have fun, and they have a lot of cyer security work to show to an employer. And if you feel like you also want to teach dev ops, you can have them host their code to be penetrated as part of the assignment. Also, here is a good resource to get you started down this weekly hack idea: http://www.dvwa.co.uk/ . Damn Vulnerable web app would be perfect for this idea, it would be fun for students, and I feel like it would fall along the lines of your teaching style.
I am going to leave this survey response as an open letter on the github project repo: https://github.com/CECS-478-AuRave/SecureChat. And to be quite honest, I think you are a great professor with great intentions, and I am sure we would get along great over a cup of coffee or a beer, but I think this class still has a lot of work before reaching its potential of educating these students in a meaningful way.
Thank you!