Forum

I want to express my appreciation to Chenglie Hu for his “ Viewpoint” (Mar. 2008). My experience trying to switch from the “pure-OOP” approach in CS1 has been an uphill battle. For example, my department still uses Byron Weber Becker’s Java: Learning to Program with Robots as the textbook for our CS1 students; while its value is recognized, it blurs most of the important elements for understanding how computers actually work. For example, how can these students be expected to “understand” a constructor with parameters before finally getting around to variables and eventually to methods in Chapter 6? One result is that we must find another way to teach them in CS2. I don’t mind having to use object-oriented programming in CS1, but we should not pretend that the algorithmic side of the road doesn’t also lead to solutions to real problems. As it is, even after a good part of the semester, the students might have learned only to play a poorly designed video game.

CHUNG-CHIH LI Bloomington, IL

 

I am an adult learner (age 57) just starting a Java programming course at the University of Phoenix, online. The first assignment was “Describe the difference between an object and a class.” As you can imagine, the answers and examples were all over the place. After reading Chenglie Hu’s “Viewpoint” (Mar. 2008), I understand why he would not start students out with a discussion about objects and classes.

Of special interest to me was

the approach he suggested for teaching programming. Has he used such an approach with his own students? Is it still too early to think about using it for teaching a class? Maybe Hu can write his own textbook to spell it out in detail.

Although I’m likely to have graduated before any changes are made that would help me learn programming, I want to know how this idea plays out so I could make appropriate suggestions to my university. The online discussions among students who have finished the Java courses there suggest they were taught in the best way possible.

I also checked out Hu’s Web pages at cscserver.cc.edu/chu/ and was amused to find that some of his students “might not have happily learned.” I wish I could afford the luxury of attending classes in person instead of fitting them in online around a full-time job and family. I’m always happy to learn. The biggest lesson is that although the amount of knowledge I never will possess is enormous, I will never be deterred from trying to learn more.

MARK HANNA Banks, OR

 

Author’s Response: In their comments, Froehlich (while I respect his objections) and Li shared what has worked and what hasn’t in their respective classes. Cain shared an instance of how important real-world examples are to the learning process. And Hanna, as a novice, was still wondering about the best way for him to learn programming. The common thread is that educators

must find ways to give their programming students a coherent learning experience. At the very least, they, along with textbook authors, must provide examples they are most likely to benefit from in their software-engineering classes.

CHENGLIE HU Waukesha, WI

ENFORCE USER COMPLIANCE AS A FIRST LINE OF DEFENSE

The article “The Myths and Truths of Wireless Security” by Alfred Loo (Feb. 2008) put too much emphasis on passwords. End users are known for their inability to use decent-strength passwords. Even expecting them to care about passwords aims too high. The IT staff must be reminded over and over of such user attitudes and behavior.

When my end users request changes in their passwords, they always want to know the minimum password length and whether they must include nonalphabetic characters. I tell them to use whatever password they want as long as it doesn’t have to be written down. I also tell them to use at least one element that changes between servers. The reason for not having to write it down is that most intrusions involving password guessing come from colleagues in the same organization, not from “professional” attackers. Meanwhile, they resist even basic schemes that go beyond the old (flawed) login+password schemes.

Confronted by security challenges, time-based tokens, one-time passwords, and the like, they politely listen to administrators’