Sep 212016
 

At Quanta today a nice article written for the masses tells about formal methods.

Many of us believe that such methods are what we need in the long run, not just for security but quality in general. We can’t get much solace from a program which defies malicious use if it also fails users with benevolent needs. And it turns out that the issues of security (itself a big definition) go hand-in-hand with the business of getting your functionality right.

Please understand a particular challenge called out in that article. It talks about hardening just some critical points (for security), and the reality is: designing with mixed levels of formalisms is incredibly hard. You would not presume a house is secure for having done a really good job on properties of the deadbolt lock if your door was not correctly fastened to the hinge side; you sort of need to know things about both, not just a lot about one side.

Other analogies apply. If you take a glass of pure spring water and drop in a bit of sewer water, you end up with sewer water; if you take a glass of sewer water and mix in pure spring water, then you still have sewer water. The suggestion is you’re no better off than the poorest piece of your system, and moreover systems are often not built from discrete blocks so much as code blends. Just pouring in some quality ingredients doesn’t make the rest palatable. You usually only know something strong about a program’s value once you see it in context.

Students in our program should reasonably ask what our department offers in the way of formal methods, whether just for security or for quality overall. Today the answer is “not much”, but years ago all students starting in our introductory programming sequence learned our crafts using formal methods (functional notations and some specification frameworks pioneered by a fellow named Harlan Mills.) The canonical ‘old guy’ observation is that we consistently graduated some of the best programmers of the era, which we attribute to the fact that they all learned fine code design in a framework that rewarded structures about which someone could reason. You had to take the time to make it clean and simple so you could meet the spec and move on. The debug-by-friction habits we see students picking up in our Java sequence (and often never shaking) would not get you far. As it turns out, and judging by what we see in learning outcomes assessments, those hack-and-slash techniques aren’t getting students very far today either.

What happened? The long-standing internecine warfare between field committees in our CS department left formal methods a thing of the past; software engineering lost. Today’s leadership has pretty much put a nail in the coffin of the robust software quality perspective which helped put our department on the map. This is true in our curriculum, and to a great extent even in our research, wherein resources and policies support the pet programs of select faculty doing other things.

And what a shame. The linked article makes clear the formal methods of that era grew and are blooming today, in ways we might never have dreamed but had certainly hoped. It is a space in which Maryland might have led. Our courses would certainly not be using tools from a couple decades ago – after all, our insights would improve over time as did everyone else’s – but we’d at least be in the game and talking authoritatively about the big picture of quality. Our campus leaders instead have just what they engineered: a department that, lacking its own vision, whores after dollars in a cybersecurity market built by others instead of setting the industry’s standard for quality (of which security is one piece).

 Posted by at 10:53 am on September 21, 2016
Sep 132016
 

A few articles on university competitiveness turn up with this morning’s coffee. A fine article from the Foundation for Economic Education (whose links you see sprinkled around our web site here for good reason) addresses what we would call the mission drift on campuses; as stakeholders are freed to define more of their own roles, understandably many define them to be something other than the mission which created a campus in the first place.

An Atlantic article comments on administrative bloat. The author could very well have said “see Maryland.”

So it is also thus not necessarily a coincidence that we place where we do in the latest US News and World Report rankings which just came out. College Park lives among the also-rans (tied for number 60 with with Fordham, Purdue, Syracuse, Connecticut and WPI), and a drop from last year. (Formerly at 19 among public schools, now at 20.) Compare for yourself at USNWR.

 Posted by at 6:52 am on September 13, 2016
Aug 252016
 

… where your cronies give you a $75,000 bonus without feeling the need to actually explain what it is for. Maybe they felt sorry for him trying to scrape by on just $600,000 a year in salary and the housing, travel and administrative expenses they pick up for him on top of that.

STEM majors paying differential tuition and increasing fees here at College Park might want to look into whether we offer any classes on being a chancellor, so they can learn how to get by like this someday. (Our view: maybe he did something worthy of a bonus, but the fat-cats writing that check should be on the hook to explain to hard-working taxpayers what it is for.)

 Posted by at 8:09 am on August 25, 2016
Aug 252016
 

Kudos to the University of Chicago for asserting a strong position on intellectually diverse and open speech on its campus, which is to say, they offer no “trigger warnings” or “safe space”. (This is also reported in the student newspaper there.)

College Park manages to avoid unseemly confrontations by only inviting right-thinking (which is to say, left-thinking) visitors who mouth the group-think here in the first place.

 Posted by at 8:02 am on August 25, 2016
Aug 242016
 

Bloomberg reports on Baltimore Secret Cameras, which constantly record in the city. It’s a good article on how much surveillance really goes on … and in a city that has just been issued a scathing report from the Department of Justice on persistent and long-term civil rights violations in its police department. Yes, it does seem like these things go together, doesn’t it?

 Posted by at 6:31 pm on August 24, 2016
Aug 142016
 

The Purple Line’s funding issues have recently slowed its early construction efforts, but never fear, its proponents – including, we presume UM President Wallace Loh, who single-handedly overcame local opposition and championed this campus-splitting project’s approval – remain optimistic about its prospects.

Which is more optimism than we can muster for traffic conditions during said implementation based on reading the Washington Post’s article about a similar light rail project in Charlotte. Read for yourself the devastating effect that project has on the region there.

 Posted by at 9:34 pm on August 14, 2016
Jun 292016
 

Clicking ‘I accept’ doesn’t mean you surrender right to know how a company uses your data“. That’s the title of an article about some of the many ways companies use your data, often without your full appreciation of what you have given away.

As described in the linked article, some people are working hard to help you and fellow consumers be more informed about the effect of those disclosures. Bravo!

 Posted by at 4:56 pm on June 29, 2016