字幕列表 影片播放 列印英文字幕 [MUSIC PLAYING] DAVID MALAN: All right. This is CS50. And just eight weeks ago, 2/3 of you had never studied any computer science before. And what we thought we'd begin with today is really a look back of truly how far you've come over just those several weeks. In fact, it was just eight weeks ago when you first started tinkering with Scratch, this graphical programming language by which you could drag and drop puzzle pieces and make the computer do what you want. And then a week later, you might have struggled with just getting Mario to ascend a pyramid by way of hashes that you were printing. Which at the time was perhaps quite non obvious, but it's ever since has just been what? A pair of nested four loops. And then the week after that, you explored cryptography among other fields. And you learned how to encrypt and you decrypted information, like this snippet here. After that, you explored some electoral processes and the implementation of algorithms that you might be familiar with from the real world, but perhaps didn't think about the trade offs in choosing one algorithm or another. And then ultimately, implementing it in code. Just a week later did we transition to filters on Instagram, implementing things like your own sepia filters. So that moving forward, hopefully, you won't take for granted when you click that button on the screen on your phone, you actually know or can presume, or infer, what's going on underneath the hood as it changes from one setting to another. And then, of course, Big Board, where we handed you some 140,000 English words and a really large file. And you had to implement your own spell check, or a dictionary so to speak, with using as little amount of time and as little space as you could, implementing ultimately your own hash table. Thankfully since then, we can now take for granted that those things exist. But you, indeed, built that from scratch. Just a week later, we started handing you large files like this. And of all things, you were able to deduce by writing some Python code that this is lavender's DNA, among others in the class whose files we handed you. And then most recently, or perhaps quite soon, when you learn to apply another language. In this case, SQL. To questions like who has starred in films with Kevin Bacon. And so, a number of tools are now in your toolkit. And again, I would just emphasize that eight weeks ago, 2/3 of you had never done any of that before. So even if it's felt like it has never let up and each week feels all the more challenging than the last, consider the delta. Consider what we promised in the first week of the class. That what ultimately matters in this course is not so much where you end up relative to your classmates, but where you end up relative to yourself when you began. And it is, indeed, those eight weeks ago that you began. And it's today and in the courses final weeks that you will ultimately be able to compare yourself. So in trying to think today about what we hope your own takeaways are from, not only the course, but computer science more generally, I actually pulled up some of my own notes. You might recall from week zero that I mentioned I took this course myself back in 1996 and it happened to be the one that turned me from a government major to a computer science major. And I didn't take many notes at first, it seems in that first class. Now, there were a couple of other pages. And so, I started flipping through these and in fact, this was my second page of notes. And if you focus on what's up here at the top, apparently, one of my first notes to myself that a function, for those unfamiliar today, are instructions that do the work. And indeed, if I looked down further on my notes, arguments we introduced that same first day. It's info that's passed from one function to another to have something done by or performed on it. All right. So that actually maps wonderfully cleanly to what it is we indeed started ourselves doing those eight weeks ago. Just talking about what CS is, problem solving. And a problem is just something that's got input. And the goal, of course, is to produce something with output. And we had to agree from that very first week how we're going to represent these inputs and outputs. And so, we might do it symbolically with letters of the alphabet. We know since then with that we might do it numerically as with decimal digits or below that, we might just use binary, a different base system using only zeros and ones. Or we could even represent that same capital A just using some pattern of light bulbs or switches that you turn on in some order. In fact, if you think back then to these first principles that we introduced those weeks ago, to any of the students now in the audience, what does this say? AUDIENCE: Hi. DAVID MALAN: Hi. So it indeed says hi. Why is that? Well, we just agreed weeks ago on what numbers map to what letters. And so as long as all of the humans in the world agree on that when they're sending emails, or text messages, or the like, our computer systems can all present information that we ultimately understand. Another review question from week zero. What did this say way back when? If you need a hint, it was it was in decimal 128,514. A little louder. AUDIENCE: Emoji. DAVID MALAN: Emoji. This was the face with tears of joy, right? Taking all of the fun out of sending emojis. Anytime you receive or send an emoji, really all you're sending is a pattern of zeros and ones, or worse the number 128,514. But your computer or phone are presenting it to you in a certain way based on that context. All based on just how we humans or those before us decided how to represent this information. But of course, we don't have just those inputs and outputs. There is another piece to the puzzle. And so, I actually looked back at my own third page of notes here and focused on my first line here back in 1996. An algorithm is apparently a precise sequence of steps for getting something done and programming more generally is a process of taking an algorithm and putting it into a language a computer can process. And indeed, that really was the additional puzzle piece we first focused on in week zero. It was what was inside the proverbial black box? The sort of secret sauce that you provide your input to, you get your output from. Those are the algorithms that we've been talking about ever since now, not just in pseudocode or in English. But in C, and in Python, and now SQL. And then in the coming weeks, a few other languages as well. But of course, we used algorithms to solve problems and one problem is and was rather old school. And we thought we'd reflect just a bit and perhaps reinforce that same week zero if by taking a couple of volunteers. Perhaps a student and one of their family members voluntarily or forcibly with them. You have to be comfortable, though, appearing on stage and in turn, the internet in perpetuity is the catch. I see-- OK. I see one volunteer and either mom or dad finding out who is not going to go up. OK [LAUGHTER] Come on up. A round of applause if we could for our volunteers. [APPLAUSE] DAVID MALAN: Come on over this way. And what is your name? DANIELLA: Daniella. DAVID MALAN: Daniella. Nice to meet you. Come on over here. And what is your name? MARIANO: Mariano. DAVID MALAN: Mariano. And your dad, I presume. MARIANO: Yes. DAVID MALAN: All right. Well, so nice to see you both. You'll recall from week zero that one of the first problems we solved was looking up someone in a phone book. Well, here I have a pretty thick yellow pages wherein there's a whole bunch of products and services alphabetized from A to Z. And we can, of course, look up the number for someone in this book. For instance, suppose today we need a plumber. Could we ask Mariano to find us a plumber in this phone book? Flipping through a few pages. A lot of pages. Yeah. OK. All right. And we have a page full of plumbers. And now, could your dad have done better do you think? DANIELLA: Yes. DAVID MALAN: I think so. So would you like to show dad and other parents here what you might have done instead? Oh my goodness. [LAUGHTER] OK. Thank you. [APPLAUSE] [LAUGHTER] DAVID MALAN: And for those wondering, let's continue the algorithm, if you will. What's your next step? [LAUGHTER] Nice. And why are you doing this, though? DANIELLA: So I open halfway and then if it's not on the page and it looks like, for example, if it's n, I know p is afterwards. So I need to get rid of the first half and just look at the second half. DAVID MALAN: Well, need to is a little strong. [LAUGHTER] But you can get rid of-- yes, indeed. So if you keep this process going, halving, and halving, and halving, what should you be left with ultimately? DANIELLA: Just the letter p. DAVID MALAN: Just the letter p. Round of applause would be good for both of our volunteers here. [APPLAUSE] DAVID MALAN: Thank you. A CS50 stress ball for you both. Thank you so much. Oh, thank you. Thanks. So that was one of the first lessons with which we began focusing on algorithms. And the point back then, recall, was to really emphasize the familiar, right? We might not use that particular technology all that much anymore. But it really is fundamentally the same thing that's now in our iPhones and Android devices and the like. It just so happens that we search for things by scrolling with our finger up and down. But consider too, even these days in 2019 when you type into the auto-complete to search for someone by first name or last name, how is your phone finding that information? It's exactly like that. Not quite as physically as that. But most likely for efficiency, your phone is looking roughly in the middle of all of those names then jumping up or down in the blink of an eye in order to find that person for you ever so quickly. And so, all of us might have an intuitive understanding, just like Mariano did, for finding plumbers by jumping to the p section. But then, he came close to the p section, but then started flipping. And I dare say you flipped through far more pages than you ultimately needed to using our more efficient divide and conquer if one time only algorithm instead. So beyond algorithms, I recall that I had just a few other notes. On my last page of notes, I also had this here. That what was apparently important then and no less so now is that in computer science and in turn programming, precision is important and correctness is important. And indeed, one of the things you perhaps gleaned in programming, whether in Scratch or C or Python or SQL over the past few weeks, is that the computers are really unforgiving. They can't just infer like we humans do. And frankly, I'm not sure we would want our computers to just infer sometimes what we mean if the goal is precision and correctness. You need to be ever so precise. So let's see, perhaps, with one more demonstration just how much this one has perhaps sunk in. If we can get perhaps two more volunteers, a student and family member as well. Student and family member. Here and I don't see a family member's hand up. Can you convince one? OK. Come on up. Wonderful. A round of applause for our other pair of volunteers here. [APPLAUSE] So now for this one, not everyone's off the hook. If all the students in the room, if they have a piece of paper and/or a pen or pencil could take that out and share with anyone next you if you don't have. Emma and Brian are also going to pass out some paper and pens if you don't have a writing apparatus. The goal at hand is actually for all of us to participate, thanks to our two volunteers. And what's your name? DAVID: David. DAVID MALAN: David. Nice to see you. SPEAKER: [INAUDIBLE] DAVID MALAN: [INAUDIBLE] Nice to see you, as well. Come on over in here. And this will be a two part exercise as well. And the first goal at hand is for you to choose. Do you want to go first or dad, is it? Would you like your dad to go first? DAVID: OK. I'll go first. DAVID MALAN: You're going to go first. All right. So come on over here. And what I'm going to show David in just a moment is an image on the screen that I'm going to ask that he program you, the audience, to draw giving verbal instructions only. The goal of which is for him to be as precise as possible and as correct as possible to compel the audience, much like a computer, to follow his instructions. And in turn, implement your algorithm. So in just a moment, David is going to rattle off step by step instructions for having everyone in the audience draw this. You are the only one that can see what's on the screen. Everyone in the audience just about has a piece of paper and a pen or pencil. And I just need you very confidently, clearly, to recite step by step instructions by which everyone with their pen or pencil can draw what you see on the screen here. Makes sense? DAVID: Yes. DAVID MALAN: You may use any verbal instructions you like. DAVID: OK. DAVID MALAN: All right. Just about ready to begin? The goal, precision correctness. Begin. DAVID: OK. Step 1. Draw a sideways square. [LAUGHTER] Sideways. 45 degrees rotated. Yeah. DAVID MALAN: OK. DAVID: From the bottom three corners, draw a straight line down that's approximately the length of each side of the square. DAVID MALAN: Unfortunately, programs cannot ask questions of programmer. So we continue on with the next step. DAVID: And finally, between the first and second line, draw a line connecting the two at the end. And between the second and third line, draw a line connecting the end. DAVID MALAN: All right. How do you feel about your instructions? Precise and correct? DAVID: Wishy-washy. DAVID MALAN: Wishy-washy. OK. All right. So let's go ahead. Hang on to the mic for just a moment. I'm going to hop down into the audience with our TFs just to grab a few representative solutions. If you wouldn't mind my grabbing a few sheets of paper from folks who have participated. Let me take a few over here, just a random sample. Welcome to volunteer proactively or keep it to yourself. Let me go in over here. OK. Thank you so much. Any takers over here? OK. All right. Good. Good. Good. Thank you. And all right. The TFs are grabbing a couple too. See some over here. All right. That should do. That should do. Let me grab these from Brian over here and Emma. Oh, those are blank. All right. So I think we have plenty over here. So let's take a look before we do part two of two, if I may, at how well David programmed the audience. I'm going to go ahead in just a moment and pull up a projection of some of these drawings here that are the results of these operations. So let me flip through. Get a sample here. And I see a lot of good options here. I see this picture here, which perhaps resembles what you drew. See this one here the top corner, very similar in spirit. This one left a lot of room for other things but-- [LAUGHTER] This one was a little more abstract, if I may. [LAUGHTER] And so, let me go over to a spoiler to show you what it is David was programming you to draw. And with some suspense, he was compelling you to draw we hope this here. All right. So close or not close perhaps. All right. Round of applause for David, if we could. [APPLAUSE] DAVID MALAN: Thank you. One moment. And so, you gave pretty-- you used, if you would, abstractions in discussing this. You said a sideways square, used 45 degree angles hoping that folks would presumably know what you mean by that. Why did you not just say draw a cube, for instance? DAVID: I thought that would be cheating. DAVID MALAN: OK. Well, it would not have been cheating, but it would have been a wonderful abstraction. If everyone in the room, assuming, knows what in a cube is, you might then be compelled to draw it quite quickly. But that, too, leaves ambiguity and lacks precision. Well, how is the cube oriented? Is it this way? Is it that way? Is a curved this way? So sometimes, these abstractions aren't sufficiently helpful. So I probably would have done what you did as well. Now let's do one other example here, if we could. I'm going to go ahead in just a moment and project an image onto the screen that everyone in the audience can see except you two. Let me go ahead and re angle this a little bit. And if father and son would like to get together or solo draw a picture that the audience is going to tell you how to draw. So we're going to flip the roles now. You all will see the drawing on the screen. We ask that you tell our volunteers what to draw. You can use any words that you want, but you cannot ask questions and no physical gestures to explain. All right. Unfortunately, it's a little hard technologically here in that the solution is going to be there. The solution is going to be there. So we're going to have to put some visors on you, if we could-- [LAUGHTER] --so that you can only see straight forward. And if you don't mind hugging the board as close as possible, but occasionally back up so that people can see what you're drawing, but resist the temptation to look up, over left or right. All right. So for our audience then, the images. And if you two could focus only on the board now. Only on the board and definitely not facing that screen. OK. [LAUGHTER] The audience is about to see the picture in question. And so, we need a volunteer first from the audience to call out an instruction. Any step ones? Over here. Make a circle. [LAUGHTER] I heard a small-- I heard draw a smaller circle. I didn't hear use the eraser, but OK. OK. OK. No looking at me. No looking at me. All right. So I'll take a third step. So let's go to someone else. Yeah. AUDIENCE: Draw a vertical line. DAVID MALAN: Draw a vertical line. AUDIENCE: From the center of the circle. DAVID MALAN: From the center of the circle. AUDIENCE: From the bottom of the circle and down. DAVID MALAN: From the bottom of the circle and down. AUDIENCE: Large stick figure that appears to be walking. [LAUGHTER] DAVID MALAN: I hear an abstraction. So we were also given a fourth instruction. Draw a stick figure that appears to be walking, if that helps. But I think we're going to need to be more precise here because I can imagine a stick figure doing multiple things in multiple-- [LAUGHTER] With-- [LAUGHTER] OK. Maybe step five. Do we want to make any tweaks? AUDIENCE: It's an almost upside down triangle. DAVID MALAN: Draw an almost upside down triangle, I heard. AUDIENCE: For the legs. DAVID MALAN: Through the legs. AUDIENCE: For the legs. DAVID MALAN: For the legs. AUDIENCE: After the vertical line coming down. AUDIENCE: You need to erase the legs. DAVID MALAN: OK. I heard erase the legs. AUDIENCE: Get rid of the arms. DAVID MALAN: And get rid of the arms. [LAUGHTER] OK and step five was? AUDIENCE: From the bottom of the vertical line, the body, make the two legs are like a triangle without the bottom. DAVID MALAN: From the bottom of the body, draw like a triangle to represent the legs. AUDIENCE: But not-- [LAUGHTER] DAVID MALAN: But not that way. That's good. Let's move on to step six. Step six. Someone over here. AUDIENCE: So once they erase that triangle, from the bottom of the vertical line, draw an upside V, where the center of the V is touching the bottom of that bottom line. DAVID MALAN: From the bottom of the straight line, draw an upside down V. I think we did that. Can you step aside just so the audience can see? Now we have a tripod. OK. [LAUGHTER] OK. OK. So I think we're there. I think we're there. One other instruction. Let's see if we can take this home. Yes, right here. AUDIENCE: Draw a less than symbol, starting from the base of the middle of the circle. DAVID MALAN: Draw a less than symbol from the base of the middle of the end of the circle on the left side. DAVID: Wait, a less than symbol. DAVID MALAN: Less than symbol. Yep. DAVID: Less than. DAVID MALAN: Yes. DAVID: Here? DAVID MALAN: So this is what we call a condition. So, yes. AUDIENCE: Correct. DAVID MALAN: Correct, I hear. OK. I think we're close. Two more steps, maybe. AUDIENCE: To the top of the circle, write the word Hi with a capital H and lowercase I. DAVID MALAN: OK. From the top left of the head, draw the word hi, capital H lowercase I with-- I think did you say a line to it? AUDIENCE: Yes, with a line. DAVID MALAN: With a line to it. Yeah. AUDIENCE: [INAUDIBLE] DAVID MALAN: OK. And can you step aside, just so the audience can see? I think we need just one more step. One more step. OK. Back here. AUDIENCE: From the bottom of the circle on the right hand side-- DAVID MALAN: From the bottom of the circle on the right hand side-- AUDIENCE: --touching the base of the circle and the vertical line going down-- DAVID MALAN: --touching the base of the circle and the vertical line going down-- AUDIENCE: --make the letter L-- DAVID MALAN: --make the letter L-- AUDIENCE: --at a 15 degree angle. DAVID MALAN: I heard at a 15 degree angle? Sure. [LAUGHTER] OK. I think-- I think could we have you take several steps back and look up? And round of applause for our volunteers. [APPLAUSE] That's pretty good. Thank you both so much. Please keep the hats. Congrats. So clearly, abstractions can be useful, but they can also be challenging. Like programming is hard. And even though this went a bit off the rails here and there verbally, this really is just programming. And we're all trying to agree on a common language or common syntax to use to have the computer, or in this case, our human volunteers execute those instructions. And sometimes, these abstractions are great. Draw a stick figure who appears to be walking. I think we can all visualize what that is. Unfortunately, we're all probably visualizing slightly different stick figures. And that's, again, where precision comes into play and correctness too. Of course, sometimes the chalk went off in the wrong direction. So we might have to undo. And of course, we've spent also the past eight weeks debugging code as well. And so, I wish I could say that this gets easier or just gets absolutely easy. But it never does because the problems you aspire to solve, whether it's in the real world or in the world of computer science and programming, are going to be ever changing. And your aspirations are going to increase. And so, this frustration you might feel now never really goes away, if I can say as much some 20 plus years after doing this myself. But the problems you're solving with those same challenges and those same hurdles get so much more powerful, so much more interesting. And again, it all started from just a few weeks ago when Mario's pyramid was perhaps the first problem to solve. If we go back to where we were here, we had of course our drawings, and then ultimately this process. This, I dare say, is computer science. You have inputs. You have outputs and algorithms in between. But really, what are we talking about at the end of the day? Well, the creation of, the output of, the management of information. I mean, that really is what we've been talking about for these past eight weeks is information. How do you process it? How do you represent it? How do you transform it into something more and ultimately, solve problems with it? But, with this manipulation of, this creation of, this storage of information ever more so these days comes increasing responsibility. And I daresay one of the things that we encourage you, as you exit a course like this, is not just what you can do, but frankly whether you should do it. And indeed, all the more relevant today in societies of course stories. Horrifying stories of where our data has ended up or what has happened to our data, or good intentions perhaps gone awry because we haven't considered implications. And what we wanted to do today is to point out a few examples of opportunities to think harder about what it is you do in the real world as just a citizen. And what you do in the keyboard as a programmer, and how you might solve problems with one's privacy and the security of one's data in mind. Consider, for instance, passwords. These, of course, are perhaps the most familiar thing that you and I use probably every day to secure our accounts, and in turn maintain the privacy of our information. Whether it's our photographs, or financial documents, or emails, or text messages, or the like. Unfortunately, passwords really aren't the best mechanism. And most of us in this room probably should be more thoughtful when it comes to making these kinds of decisions, as well. For instance, in 2019 already, based on a very large data breach and in the analysis thereof, it turns out that the top 10 passwords in the world as of this year are number one, 123456. [LAUGHTER] Apparently, the result of some website or applications requiring a password of at least six characters. And this is about the least amount of effort you can do to satisfy that goal. Number two password was 123456789. [LAUGHTER] Slightly better. Slightly more secure insofar as it's longer. Number three is qwerty. And if you don't know what that means, that actually describes the type of keyboard. But because if you go to the top left hand corner of your keyboard and type one, two, three, four, five, six from left to right, you will end up spelling Q-W-E-R-T-Y. Easy to remember. Also, pretty easy for other people to remember as well. Password is the number four password out there. And number five is, as of this year, 6 ones. So another way of satisfying the constraints that these people did, but with even less effort. Just hitting the same key again, and again, and again. 12345678. So, slightly behind the other two. ABC 123. Starting to get a little more interesting that we're combining letters and numbers. 1234567 slips in there as well. Number nine is password1, clearly satisfying websites that require that you not use an English word but you include at least one symbol or letter here too. Dare say the bare minimum. And number 10 as of this year is 12345. So it's easy to poke fun at these and we won't call for a show of hands. But odds are some of us in this room maybe-- don't make eye contact-- have at least one of these passwords as your own. It's just all too easy, then, to guess certainly these. But even if you're practicing adhering to better practices than these, and you're not as simplistic as I'm going to pick an easy word or a very simple number. Suppose you're actually being more thoughtful. It doesn't really matter these days. I'm going to go ahead and turn my attention to just a moment to a text editing program here on my computer. The students in the room will recognize this is just representative of a programming environment. And today, this just happens to be something called Visual Studio Code, or VS code that you can download on your own Mac or PC. And I'm going to go ahead and just save a file called pin.py. Many of us have not only passwords, but pins. Personal identification numbers that you're supposed to keep secret and that are usually, say, six digits long. Well, even if you've protected your financial account or some other account with a six digit code, it might take a human quite a while to guess all of the possible codes that you might have chosen. But it's not terribly hard for a computer. In fact, we'll do it even more simply like a lot of times with a four digit code. I can simply go in a program like this, if I know a bit of programming in Python. And I can say from time import sleep. I can say something like for I in range. Well, let's start from 0000 and go all the way up to 9,999. A four digit number. But it turns out, we need to iterate up to 10,000 because the students in the room will recall that we iterate up to, but not through that value. And then in here, I'm going to go ahead and say something like, I am checking this value I. So this is to say I'm proposing to write a program in Python that will try to crack someone's pin to show how easy it is to generate as a computer all of the possible PINs in the world that are four digits long. So and just to demonstrate this, I'm going to do it a little slowly by sleeping for 1/10 of a second between each iteration. So I've gone ahead and saved my file. I'm going to go ahead down here now and run Python of pin.py. And I'll go ahead and make my screen a little taller here so we can see more. AUDIENCE: Close the parentheses. DAVID MALAN: Thank you. Thank you. Thank you. New here. OK. So here we go. We've now written a program that, granted is not cracking anything, but it is demonstrating how easily and how quickly we can generate numbers from 0 on up to 9,999. It's not quite right. These aren't four digit codes because they're being treated as numbers. But there's actually syntax with which we can solve this. And if you've never seen this before, you can actually just say something like this colon 0 4. And that's just going to reform my output as being four digits. And it's going to pat it with zeros instead. So boom. I've written a program that generates all possible four digit codes. Of course, I've been deliberately sleeping, that is pausing, each time I'm printing something out. A hacker is not going to do that. They are going to try to do this as quickly as possible. No need for sleep whatsoever. So let me just rerun this code, getting rid of those lines. Boom. That's every possible four digit code that you might have on your bank account or on some email account or the like, assuming the system allows you to have a relatively short number like that. You might think. OK. Well, what's better than four digits? Five digits. Let's just increase it. But I think that adversary is going to be able to crack that pin as well. I'm not even over at the screen yet and it's done already. It is not hard once you know how to program, not only to use these systems for good, but in this case, for some form of evil. Now maybe you're off the hook because you're not as simplistic as I claim as to use only, for instance, an alphabetical or rather a numeric code. Maybe you're using a word and not a word as simple as password. It's a more arcane word from English or perhaps some other language. That, too, doesn't really matter. Let me go ahead and copy from our source directory today, which for the students is available online, that large dictionary that we had from problem sets five wherein you loaded all of these words into a dictionary of your own. There was 140,000 some odd words here. I'm going to go ahead and create another file, though. This one called password.py. And recall from some of our building blocks over the past few weeks how easy it is to similarly manipulate words from a dictionary. Let me go ahead and again, initially import sleep just so that we can see this happening. I'm then going to say with open. Large in read mode. And I'm going to call this as file. And over here I'm going to go ahead and say now for word in. I want to say file. And we've not perhaps seen this one, but it turns out there's a really easy Python function where you can say file dot read lines. And it's just going to slurp in all of the 140,000 words from the file and allow you to iterate over them one at a time. And if I want to go ahead and print this out, I'll use print again, as before. And I'm going to go and claim that I'm checking, for instance, that word dot, dot, dot just as I claim to be checking a pin. Now again, I'm not checking anything. I'm just demonstrating that I could be checking this fast as by simply printing out these words instead. And I'm going to go ahead and as before, sleep for a tenth of a second on each iteration. But I'm also in anticipation going to call this function, which some students will recall is to strip off any whitespace at the end of the line. Recall that in large our big dictionary, there was a new line character at the end of every word. So this line of code will we'll get rid of this here. Yeah. Question over here. AUDIENCE: What's the significance of different colors? DAVID MALAN: What's the significance of the different colors? This is happening automatically in my text editor the program I'm using to write code. Each type of word or blocks of words that I type have a different semantic meaning to the computer. And so, the computer is highlighting them in that way to draw my attention to different types of words here. For instance, we have this preposition from that does something like load someone else's code. Time, though, and sleep are names of things that other humans have actually invented. So I'm going to go ahead now and run this as Python of password.py. We'll see, as the students will recall, all of the words in that dictionary starting with the A words, then the B words, then the C words, and so forth all the way down through F. Now, of course, I'm sleeping unnecessarily. But if during this demonstration you see your own password fly by the screen, it's not that hard for an adversary to be writing code like this and not just printing out the possible passwords, but trying to log into your account again and again and again until they gain access to the system. And in fact, if we deliberately speed this up, let's not bother sleeping. We'll get rid of all of the sleep related lines as before. Now, run this code. Now, I'm not even over at the board and it's already done 140,000 words. Which is to say if you're choosing a password that's just a word in the dictionary, whether it's English or some other language, you're not off the hook. You're not being so clever because anyone with a computer can check all of those codes. Now you might think, well, this is why someone had abc123. That's not in the dictionary. That's not just numbers. That's not just letters. But, come on. If you give me a few more minutes, I bet we could write a program together that starts with letters and ends with numbers or vise versa. We could try to concoct these patterns. And granted, it's going to get a little slower. A little slower, the more complicated it gets. But it can. The adversary, if the goal is to get your money, get your data, might have all the time in the world to actually wage that attack. And so, I would consider moving forward exactly what the implications are of putting your data in one place or another and not thinking to actually secure it because in the best case, someone nosily might end up getting in. At worst case, more than that, whether it's financial or personal, might be compromised. Well, what other forms does information come that might hint at potential threats for us too? Well you've all probably heard of cookies, when it comes to the web. And indeed, if you pursue our web track in a couple of weeks' time will you dive in deeper to what these things can do. But cookies are little pieces of information that websites plant on your Mac or PC or your phone anytime you visit the website. Now, that might seem a little creepy at first glance and it can be used for creepy purposes. Advertising and other such tracking applications among them. But this is actually a very useful primitive and computer science and web programming, in that if you have the ability to plant a little file on someone's computer, it's like the digital version of a hand stamp. You can remember that you've seen them before. And that's actually useful because when you log into Gmail or whatever email account you have, you don't really want to be typing in your username and password every time you look at a new message. Gmail or Google would be a little obnoxious if they kept asking you wait a minute, who are you? Wait a minute, who are you? These cookies are stored on your computer so that, unbeknownst to you, it's sent from you, the browser, to them, the server, to just remind them perpetually who you are because you've already logged in. And we can actually see this. Let me actually go over to my browser and you, too, might be in the habit of using Chrome just as I am here. And I can go in Chrome go to View, Developer, and go to Developer Tools. And you can do this, too, at home on your own Mac or PC. You can do this with Firefox, or Edge, or other browsers as well. And you'll see among the various things that just popped up are not terribly user friendly. This is really the domain of indeed developers or programmers. But I've clicked on this network tab here because on my own Mac or PC, if I visit some url like www.google.com and hit Enter, I can actually see inside of Chrome all of the requests my computer has just made over the internet from me to Google.com. And I'm going to go ahead and click on the very first of these here. And this, too, is going to look pretty arcane for today's purposes, but it's only meant to reveal what it is that's going on here. Let me scroll down, down, down, down, down. And you'll see a few things here request headers. These are little pieces of information that my Mac, and in term Chrome, just sent to Google.com com simply because I visited the website. And then if I scroll down here, we'll see response headers. This is what's coming back from Google.com to my own Mac or PC. And this is the line that's interesting. If you've ever heard about a cookie, all it means when I say a server is planting some information or a file on your computer, it's really just doing this. The response you're getting from Google.com simply says literally in English set dash cookie colon, and then some value. And to be fair, that value is pretty arcane looking. It looks a little weird. It apparently is going to expire in December. So I can infer from this that Google wants to be able to remember me at least for a couple more months to the end of the year. And this value here collectively would seem to be like a hand stamp they've put on my computer so that if I now proceed to do searches, if I proceed to log into Gmail, use Google Calendar, or the like, they know who I am or they know that it's me again and again. So what does this mean? This means that any website you visit can certainly be tracking what it is you're doing and where it is you're going. And because big companies like Google have advertising networks as part of their portfolio, if a website that's not Google.com is something else dot com, or something even else dot com, and they are using Google's advertising, well long story short, these cookies unfortunately are sent. These digital hand stamps are presented, not just to those individual websites, but also to Google again, and again, and again because they are the middleman in this story. The advertising network that's using ads on all of these different websites. So here a very fundamentally useful and compelling computer science principle can be used certainly for wonderfully useful applications, just remembering that I'm logged in. But also, if you don't think twice about it or if you want to make money off of it, can be used for these other purposes as well. Now we won't go down this rabbit hole today of well this is largely advertising what has helped make the internet become what it is. So there are trade certainly here, but that too has been thematic. But again, I would encourage you, as you discover more and more of these principles these things you can do through code, that you consider whether indeed you should be doing so as well. Well, what else might you do to mitigate this? Well some of you might be in the habit of using at work or at home incognito mode or private mode, which most browsers today support. Well what is that actually doing? Well, according to Google, it says Chrome won't save the following information, your browsing history, cookies and site data, information entered in forms, and so forth. Well, that means literally that. Even if Google or Facebook or some other website sends you a set cookie value saying please store this, Chrome, in this case, it's just going to throw it away. It's going to empty the cookie jar, so to speak, once you close that incognito window. However, your browser is still sending to Google or Facebook or whatever website you're visiting those values again, and again, and again. You're not private within that window, per se. You're only private within that window with respect to everything else you have opened. So for instance, if I go now here and go to View, Developer, and Developer Tools. And I have my network tab open again and I visit something like https://www.google.com and hit Enter, you'll see that Google is indeed still planting a cookie. This time, I got two cookies from Google on my computer. And those cookies will exist for as long as I have this incognito window open. So Google might be able to infer who I am or that I am the same person based on these cookies. But they know even more than that. If I scroll back down to where we began to these requests headers, the information my browser is sending to the server, you'll notice that among these values is something like this. This one, too, looks a little arcane. Let me go ahead and zoom in on it here. But it's called user agent. It's formatted in the same way. User dash agent colon. And then an arcane string here. But it looks like for whatever reason, my computer is telling Google without my even asking it to that I'm using a Mac, that I'm running Mac OS 10.14. 6 at the moment. And if I keep scrolling, it's going to tell it further that this is a specific version of Google Chrome. And this is just some of the information that is leaked deliberately and often for good purposes. But these are the kinds of traces we all leave when we're using the internet. And we won't even go down this rabbit hole too, but all of our computers have unique addresses. You might have heard of things called IP addresses. You can't just get rid of those much like you can't just remove your postal address and expect mail to still arrival. All of us have unique addresses that are still being presented to these servers. And so, through computer science, through courses like this, and through reading up on these kinds of topics hereinafter realize that in understanding these primitives, these things like cookies and how they are set can you at least then, we hope, make a more informed decision as to whether to use them in that way or not or to visit websites in some way that you know to be using them for some purpose. Well what do we have besides this to perhaps worry about in the world? I daresay Snapchat is pretty popular these days. And of course, with Snapchat there's this notion that they popularized it being able to delete photos after 1 second or 10 seconds or the like. And in fact, you all may recall from problems set four. You implemented recover in a language called C and you recovered photos that had been deleted. So clearly already, deleted doesn't necessarily have to mean deleted. And that's certainly the case even for third party services. Now to be fair, we can only guess how it is Snapchat works underneath the hood. They claim to be deleting your photos after some number of seconds, but let's consider for a moment what that might actually mean because it's our information we're putting out there, in this case in pictorial form. If you've never use Snapchat, when taking a photo, you're able to see a screen like this and allow your message to expire either never or infinitely many seconds from now, or 1 to 10 seconds somewhere in between. After which, the photo is deleted. Well what does that mean? In the context of last week, those of you with now background in SQL might hope that what Snapchat is doing on their servers is executing a query like this. Delete from snaps where ID equals something. And the question mark represents the idea of the snap you just sent, the photograph that you just took. But maybe they're doing that. We, as outsiders as users, have no way to audit this. We can only trust what they say. What if they're instead just doing something like this? Update snaps, set deleted equals true where ID equals question mark, where that again is the identifier of your snap. Now what is this representative of? Well in the world of computer science, there's this notion of hard deletion and soft deletion. Hard delete means truly just delete the data, like throw the bits away so that they really shouldn't be recoverable. Soft delete is generally implemented like this, where you literally change a 0 to a 1, a false to a true in your database to just remember oh the user deleted this. But that doesn't mean we have to throw the data away. This might have value for marketing purposes, for analytical purposes, business purposes, or the like. So for all intents and purposes, it's deleted because you the user can't get it back and no one else can see it. But perhaps one or more employees at Snap can see that data. And perhaps, that's the kind of data that's at risk of being leaked out longer term. And we've not even discussed things like backups, which too have upsides. You don't want your data to get lost, but you also don't want your data to get stuck on some backup in perpetuity as well. So the lesson here we would propose is just consider. Don't just trust what some tool or some application or developer says something does. Decide for yourself just how much weight to give those claims and whether or not this kind of risk is worth taking photos that you might regret, or wish to unsend because there really is no notion of unsending, no matter what it is these applications describe it as. One last one that we saw just a couple of weeks ago. Photo, the ability to tagged photos using artificial intelligence and machine learning these days, or just simple pattern matching was incredibly easy and a few lines of Python code to pick me out, for instance, out of all of CS50 staff based on relatively little information. This is enhanced, the closest thereof. This is a fuzzy picture. Didn't represent it really just by two eyes, a nose, and a mouth that apparently resembles my particular face. This was really easy to do. And I don't have to tell you these days that if you're on social media, all of us have probably been uploading or have had upload on our behalf photographs of us that are then tagged and we have for better or for worse been just telling the world what we look like from all sorts of angles. And here too, can the data perhaps be misused. Yes, it's wonderfully useful when you upload an album because your friends can see oh, that was a great night out. We can now reminisce about those memories. But someone else can be scraping all that data, as we have read about having happened in the past. And someone else might use that data to find you in a crowd where you don't want to be found. Or governments could do this too, based on driver's licenses photos or the like. Here, too, just because the software can do something doesn't necessarily mean we should do that. So we have all of these building blocks underneath our belts now from week zero on through up eight. We have a number of languages under our belts. And for the final weeks of the class is the goal ultimately, to take off the last of the training wheels. In fact, the training wheels we literally took off just a few weeks ago are sitting over there now. And now, is there an opportunity for you in the weeks ahead as the students in the room to decide on your follow on tracks. All toward an end of CS50's final project. And among the tracks, for instance, that are on the horizon for your web programming. This is taking primitives like we just saw there, using JavaScript, HTML, CSS, plus some more Python and SQL which you've seen over the past couple of weeks, to build applications. This particular track will be led by CS50's own Brian. And among the projects you'll tackle over the coming weeks are something like this. CS50 finance, so to speak, which is a web based application via which you can buy quote unquote and sell quote unquote stocks using real time data from an actual API, application programming interface, to get the latest prices for stock symbols in the world. So you and this track will build this application complete with the ability to log in, to log out, to buy stocks, sell stocks, all using virtual dollars and using a SQL database underneath the hood to keep track of that information. If you pursue the mobile track instead, applying your past eight weeks of skills and concepts to a domain familiar to you and the phone you have in your own pocket can you explore programming on iOS or iPhones with a language called Swift. Or if you're an Android user exploring that domain instead, using a language called Java. In this track, you'll be led by CS50's own Tommy McWilliam, who will guide you to a number of projects, one of which implementing your own Pokemon decks, a sort of Rolodex for Pokemon characters, including all of the native user interface elements that come with both iOS and Android. You'll be able to explore an Instagram like application reminiscent of some of the filters that you did in problem set four. But this one will be interactive and on your own device or in a simulator much closer to the app, whether it's Instagram or Snapchat that you yourself are familiar with. And then lastly in this track will you implement your own note taking application. The ability to add and remove information to keep track of todo's, whether it's a grocery list, class schedule, or something else altogether. And then lastly, you have the choice of CS50's games track using a language called Lua. This is a language that facilitates implementing games and many other applications as well. And CS50's own Colton Ogden will introduce you to a couple of applications, some of which our parents in the room might recall. This was one of the first games ever implemented on a computer, for instance. Not to date people in the room. But this is a game called Pong. And it's relatively simple mechanically. You move these white paddles up, down, up, down, on the left and on the right. And this little ball back in my day was represented with a pixel, if you will. That ball is going to bounce back and forth against those paddles. So you have to figure out exactly how to do the reflections and how to implement that interface. And then, as is consistent with the CS50's theme of beginning with Mario, you can end the semester with Mario again, implementing your own version of Super Mario Brothers, which is representative of a two dimensional side scrolling game, so to speak, implementing this on your own Mac or PC using your own computer. Indeed, for each of these tracks do you no longer need to use CS50 IDE. And while you're welcome to for at least the web track, you can now use tools that are freely available and are the types of tools you'll use after this course, in the real world. The goal of the final few weeks of the class is indeed this final project. The goal of which is to apply these lessons learned now to a project of your own design. In the coming weeks when you propose and then design, and then implement your final project inspired perhaps by any of those tracks, you'll be able, for instance, in the web track to download Python, the language, and in turn, the interpreter, onto your own Mac or PC and use it. You can use a popular tool like I used briefly today, Visual Studio Code, which is a free and open source tool that's gaining momentum in industry because it's relatively accessible and has lots of features many more than CS50's own IDE. Xcode, by contrast, is what you'll use if you're using a Mac and developing an iOS project for your iPhone because of that being the software that Apple provides for that. Or in the worlds of Google's, Android Studio, a free tool that you can use to build those Android applications as well. But how are we going to get there and how will we support you along the the way? So there's this tradition in CS50 for the past decade of a CS50 hackathon. This is an event that will begin at 7:00 PM sometime in December and will end at 7 AM the next night. But unlike most, for instance, all night affairs, this one will be entirely focused on building something and creating something alongside all of your classmates and all of your staff, including some of our friends from Yale as well. Upon arrival, we'll all CS50 staff greet you at the top of the stairs where you check in, get settled for the night, and ultimately spend those 12 hours working theoretically on your final project. Perhaps, even putting the finishing touches on it here. One of the rooms from across the river where the event is held, this I think is shortly after a bug was fixed later that night. But along the way, there will be made several meal times as well. We're in the habit of providing 100 of burritos from Philippe's around 9 PM. Domino's kindly brings a few 100 pizzas around 1:00 AM. And then, if you're still awake at 5:00 AM, will some Harvard shuttles take us too. And our therapy dog who will also be in attendance will take us down the road to Ihop for pancakes at 5 AM if you would like to join us there. [LAUGHTER] And after that is the final, the one final capstone to which everyone in this room parents and families as well are invited as are all faculty and staff across campus, is the CS50 fair. A campus wide exhibition of all students final projects at which you'll be to which you'll bring your laptop. We'll have music, and popcorn, and candy, and friends, and alumni from industry. And it really is meant to be this exhibition of in celebration of the final projects you by that point a month hence will have created. Its at central Harvard Square in the Smith center and will you be greeted by such visuals as these. Our friends at Yale will be doing the same in parallel. And it's just an opportunity to see what you and your friends have done to invite them as well to see what you've accomplished this term. And to ultimately share in the kinds of projects that you've both created with a few passers by here, as well. And here is where I wanted to thank the staff, not only those who helped run the show in the room here. But also a few of the course's heads, literally heads. This here is CS50 staff here in Cambridge this past year. All of our teaching fellows, course assistants, producers, and the like. These are our team members at Yale, where the course is indeed held in parallel. And there is a few faces we wanted to call in particular. Rodrigo, our head teaching fellow who sadly is graduating, but has been with the course for so many years. Emma, who is currently our head CA, will take over as head teaching fellow this coming year. And of course, Brian, many of whom you know as the course's preceptor who himself holds both of those roles over the past couple of years. But this is where we'll end just as we began. 2/3 of you eight weeks ago had never taken CS before. And when we surveyed you as to your comfort levels, you might recall this breakdown. That over some 49% percent of you described yourselves as among those less comfortable just with the idea of taking, shopping, let alone staying in the course like CS50. 16% of you described yourselves as more comfortable. And 35% described yourselves as somewhere in between. As you now embark on your final projects of your own choice, I can officially decree that you are all now more comfortable. This then, was just the beginning of your journey toward the end of these final projects. Thank you all, too, for coming today and for joining us this semester. This was CS50. [APPLAUSE]
B1 中級 CS50 2019-閱讀8-資料 (CS50 2019 - Lecture 8 - Information) 2 0 林宜悉 發佈於 2021 年 01 月 14 日 更多分享 分享 收藏 回報 影片單字