[MUSIC PLAYING]
DAVID MALAN: All right.
This is CS50.
And just eight weeks
ago, 2/3 of you had never
studied any computer science before.
And what we thought we'd begin with
today is really a look back of truly
how far you've come over
just those several weeks.
In fact, it was just eight
weeks ago when you first
started tinkering with Scratch,
this graphical programming language
by which you could drag and drop
puzzle pieces and make the computer
do what you want.
And then a week later,
you might have struggled
with just getting Mario to
ascend a pyramid by way of hashes
that you were printing.
Which at the time was
perhaps quite non obvious,
but it's ever since has just been what?
A pair of nested four loops.
And then the week after that,
you explored cryptography
among other fields.
And you learned how to encrypt
and you decrypted information,
like this snippet here.
After that, you explored some electoral
processes and the implementation
of algorithms that you might be familiar
with from the real world, but perhaps
didn't think about the trade offs in
choosing one algorithm or another.
And then ultimately,
implementing it in code.
Just a week later did we
transition to filters on Instagram,
implementing things like
your own sepia filters.
So that moving forward,
hopefully, you won't
take for granted when you click that
button on the screen on your phone,
you actually know or
can presume, or infer,
what's going on underneath the hood as
it changes from one setting to another.
And then, of course, Big Board, where
we handed you some 140,000 English words
and a really large file.
And you had to implement
your own spell check,
or a dictionary so to speak, with
using as little amount of time
and as little space as you could,
implementing ultimately your own hash
table.
Thankfully since then, we can now take
for granted that those things exist.
But you, indeed, built
that from scratch.
Just a week later, we started
handing you large files like this.
And of all things, you were able to
deduce by writing some Python code
that this is lavender's
DNA, among others
in the class whose files we handed you.
And then most recently,
or perhaps quite soon,
when you learn to
apply another language.
In this case, SQL.
To questions like who has starred
in films with Kevin Bacon.
And so, a number of tools
are now in your toolkit.
And again, I would just emphasize
that eight weeks ago, 2/3 of you
had never done any of that before.
So even if it's felt
like it has never let up
and each week feels all the
more challenging than the last,
consider the delta.
Consider what we promised in
the first week of the class.
That what ultimately
matters in this course
is not so much where you end
up relative to your classmates,
but where you end up relative
to yourself when you began.
And it is, indeed, those eight
weeks ago that you began.
And it's today and in the courses
final weeks that you will ultimately
be able to compare yourself.
So in trying to think today about what
we hope your own takeaways are from,
not only the course, but
computer science more generally,
I actually pulled up
some of my own notes.
You might recall from week zero that
I mentioned I took this course myself
back in 1996 and it happened to be the
one that turned me from a government
major to a computer science major.
And I didn't take many notes at
first, it seems in that first class.
Now, there were a couple of other pages.
And so, I started flipping
through these and in fact,
this was my second page of notes.
And if you focus on what's up here at
the top, apparently, one of my first
notes to myself that a function,
for those unfamiliar today,
are instructions that do the work.
And indeed, if I looked down
further on my notes, arguments
we introduced that same first day.
It's info that's passed
from one function to another
to have something done
by or performed on it.
All right.
So that actually maps
wonderfully cleanly to what
it is we indeed started ourselves
doing those eight weeks ago.
Just talking about what
CS is, problem solving.
And a problem is just
something that's got input.
And the goal, of course, is to
produce something with output.
And we had to agree from
that very first week
how we're going to represent
these inputs and outputs.
And so, we might do it symbolically
with letters of the alphabet.
We know since then with that we might
do it numerically as with decimal digits
or below that, we might just
use binary, a different base
system using only zeros and ones.
Or we could even represent
that same capital A just using
some pattern of light bulbs or switches
that you turn on in some order.
In fact, if you think back
then to these first principles
that we introduced those weeks
ago, to any of the students
now in the audience, what does this say?
AUDIENCE: Hi.
DAVID MALAN: Hi.
So it indeed says hi.
Why is that?
Well, we just agreed weeks ago on
what numbers map to what letters.
And so as long as all of
the humans in the world
agree on that when they're sending
emails, or text messages, or the like,
our computer systems can
all present information
that we ultimately understand.
Another review question from week zero.
What did this say way back when?
If you need a hint, it was
it was in decimal 128,514.
A little louder.
AUDIENCE: Emoji.
DAVID MALAN: Emoji.
This was the face with
tears of joy, right?
Taking all of the fun
out of sending emojis.
Anytime you receive or send an
emoji, really all you're sending
is a pattern of zeros and ones,
or worse the number 128,514.
But your computer or phone
are presenting it to you
in a certain way based on that context.
All based on just how we humans
or those before us decided
how to represent this information.
But of course, we don't have
just those inputs and outputs.
There is another piece to the puzzle.
And so, I actually looked back
at my own third page of notes
here and focused on my first
line here back in 1996.
An algorithm is apparently
a precise sequence
of steps for getting something
done and programming more generally
is a process of taking an
algorithm and putting it
into a language a computer can process.
And indeed, that really was
the additional puzzle piece
we first focused on in week zero.
It was what was inside
the proverbial black box?
The sort of secret sauce that
you provide your input to,
you get your output from.
Those are the algorithms that we've
been talking about ever since now, not
just in pseudocode or in English.
But in C, and in Python, and now SQL.
And then in the coming weeks,
a few other languages as well.
But of course, we used
algorithms to solve problems
and one problem is and
was rather old school.
And we thought we'd reflect
just a bit and perhaps
reinforce that same week zero if
by taking a couple of volunteers.
Perhaps a student and one
of their family members
voluntarily or forcibly with them.
You have to be comfortable,
though, appearing on stage
and in turn, the internet
in perpetuity is the catch.
I see-- OK.
I see one volunteer
and either mom or dad
finding out who is not going to go up.
OK
[LAUGHTER]
Come on up.
A round of applause if we
could for our volunteers.
[APPLAUSE]
DAVID MALAN: Come on over this way.
And what is your name?
DANIELLA: Daniella.
DAVID MALAN: Daniella.
Nice to meet you.
Come on over here.
And what is your name?
MARIANO: Mariano.
DAVID MALAN: Mariano.
And your dad, I presume.
MARIANO: Yes.
DAVID MALAN: All right.
Well, so nice to see you both.
You'll recall from week zero that
one of the first problems we solved
was looking up someone in a phone book.
Well, here I have a pretty
thick yellow pages wherein
there's a whole bunch of products and
services alphabetized from A to Z.
And we can, of course, look up the
number for someone in this book.
For instance, suppose
today we need a plumber.
Could we ask Mariano to find us
a plumber in this phone book?
Flipping through a few pages.
A lot of pages.
Yeah.
OK.
All right.
And we have a page full of plumbers.
And now, could your dad have
done better do you think?
DANIELLA: Yes.
DAVID MALAN: I think so.
So would you like to show
dad and other parents here
what you might have done instead?
Oh my goodness.
[LAUGHTER]
OK.
Thank you.
[APPLAUSE]
[LAUGHTER]
DAVID MALAN: And for those wondering,
let's continue the algorithm,
if you will.
What's your next step?
[LAUGHTER]
Nice.
And why are you doing this, though?
DANIELLA: So I open halfway and
then if it's not on the page
and it looks like, for example,
if it's n, I know p is afterwards.
So I need to get rid of the first
half and just look at the second half.
DAVID MALAN: Well, need
to is a little strong.
[LAUGHTER]
But you can get rid of--
yes, indeed.
So if you keep this process going,
halving, and halving, and halving,
what should you be left with ultimately?
DANIELLA: Just the letter p.
DAVID MALAN: Just the letter p.
Round of applause would be good
for both of our volunteers here.
[APPLAUSE]
DAVID MALAN: Thank you.
A CS50 stress ball for you both.
Thank you so much.
Oh, thank you.
Thanks.
So that was one of the
first lessons with which we
began focusing on algorithms.
And the point back then, recall, was to
really emphasize the familiar, right?
We might not use that particular
technology all that much anymore.
But it really is fundamentally the
same thing that's now in our iPhones
and Android devices and the like.
It just so happens that we search for
things by scrolling with our finger
up and down.
But consider too, even
these days in 2019
when you type into the
auto-complete to search
for someone by first
name or last name, how
is your phone finding that information?
It's exactly like that.
Not quite as physically as that.
But most likely for
efficiency, your phone
is looking roughly in the middle
of all of those names then jumping
up or down in the blink of an eye
in order to find that person for you
ever so quickly.
And so, all of us might have
an intuitive understanding,
just like Mariano did, for finding
plumbers by jumping to the p section.
But then, he came close to the p
section, but then started flipping.
And I dare say you flipped
through far more pages
than you ultimately needed to
using our more efficient divide
and conquer if one time
only algorithm instead.
So beyond algorithms, I recall
that I had just a few other notes.
On my last page of notes,
I also had this here.
That what was apparently
important then and no less so
now is that in computer science
and in turn programming,
precision is important and
correctness is important.
And indeed, one of
the things you perhaps
gleaned in programming, whether
in Scratch or C or Python
or SQL over the past few weeks, is that
the computers are really unforgiving.
They can't just infer like we humans do.
And frankly, I'm not sure we would want
our computers to just infer sometimes
what we mean if the goal is
precision and correctness.
You need to be ever so precise.
So let's see, perhaps, with
one more demonstration just how
much this one has perhaps sunk in.
If we can get perhaps two more
volunteers, a student and family member
as well.
Student and family member.
Here and I don't see a
family member's hand up.
Can you convince one?
OK.
Come on up.
Wonderful.
A round of applause for our
other pair of volunteers here.
[APPLAUSE]
So now for this one, not
everyone's off the hook.
If all the students in the room,
if they have a piece of paper
and/or a pen or pencil could take that
out and share with anyone next you
if you don't have.
Emma and Brian are also going
to pass out some paper and pens
if you don't have a writing apparatus.
The goal at hand is
actually for all of us
to participate, thanks
to our two volunteers.
And what's your name?
DAVID: David.
DAVID MALAN: David.
Nice to see you.
SPEAKER: [INAUDIBLE]
DAVID MALAN: [INAUDIBLE]
Nice to see you, as well.
Come on over in here.
And this will be a two
part exercise as well.
And the first goal at
hand is for you to choose.
Do you want to go first or dad, is it?
Would you like your dad to go first?
DAVID: OK.
I'll go first.
DAVID MALAN: You're going to go first.
All right.
So come on over here.
And what I'm going to show David in
just a moment is an image on the screen
that I'm going to ask that
he program you, the audience,
to draw giving verbal instructions only.
The goal of which is for him
to be as precise as possible
and as correct as possible to compel
the audience, much like a computer,
to follow his instructions.
And in turn, implement your algorithm.
So in just a moment, David
is going to rattle off step
by step instructions for having
everyone in the audience draw this.
You are the only one that
can see what's on the screen.
Everyone in the audience just about has
a piece of paper and a pen or pencil.
And I just need you very
confidently, clearly,
to recite step by step instructions by
which everyone with their pen or pencil
can draw what you see
on the screen here.
Makes sense?
DAVID: Yes.
DAVID MALAN: You may use any
verbal instructions you like.
DAVID: OK.
DAVID MALAN: All right.
Just about ready to begin?
The goal, precision correctness.
Begin.
DAVID: OK.
Step 1.
Draw a sideways square.
[LAUGHTER]
Sideways.
45 degrees rotated.
Yeah.
DAVID MALAN: OK.
DAVID: From the bottom three
corners, draw a straight line down
that's approximately the length
of each side of the square.
DAVID MALAN: Unfortunately, programs
cannot ask questions of programmer.
So we continue on with the next step.
DAVID: And finally, between
the first and second line,
draw a line connecting
the two at the end.
And between the second and third
line, draw a line connecting the end.
DAVID MALAN: All right.
How do you feel about your instructions?
Precise and correct?
DAVID: Wishy-washy.
DAVID MALAN: Wishy-washy.
OK.
All right.
So let's go ahead.
Hang on to the mic for just a moment.
I'm going to hop down into
the audience with our TFs just
to grab a few representative solutions.
If you wouldn't mind my
grabbing a few sheets of paper
from folks who have participated.
Let me take a few over
here, just a random sample.
Welcome to volunteer proactively
or keep it to yourself.
Let me go in over here.
OK.
Thank you so much.
Any takers over here?
OK.
All right.
Good.
Good.
Good.
Thank you.
And all right.
The TFs are grabbing a couple too.
See some over here.
All right.
That should do.
That should do.
Let me grab these from
Brian over here and Emma.
Oh, those are blank.
All right.
So I think we have plenty over here.
So let's take a look before we
do part two of two, if I may,
at how well David
programmed the audience.
I'm going to go ahead in
just a moment and pull up
a projection of some of
these drawings here that
are the results of these operations.
So let me flip through.
Get a sample here.
And I see a lot of good options here.
I see this picture here, which
perhaps resembles what you drew.
See this one here the top
corner, very similar in spirit.
This one left a lot of
room for other things but--
[LAUGHTER]
This one was a little
more abstract, if I may.
[LAUGHTER]
And so, let me go over to a
spoiler to show you what it
is David was programming you to draw.
And with some suspense,
he was compelling you
to draw we hope this here.
All right.
So close or not close perhaps.
All right.
Round of applause for
David, if we could.
[APPLAUSE]
DAVID MALAN: Thank you.
One moment.
And so, you gave pretty--
you used, if you would,
abstractions in discussing this.
You said a sideways square,
used 45 degree angles
hoping that folks would presumably
know what you mean by that.
Why did you not just say
draw a cube, for instance?
DAVID: I thought that would be cheating.
DAVID MALAN: OK.
Well, it would not have
been cheating, but it would
have been a wonderful abstraction.
If everyone in the room,
assuming, knows what in a cube is,
you might then be compelled
to draw it quite quickly.
But that, too, leaves
ambiguity and lacks precision.
Well, how is the cube oriented?
Is it this way?
Is it that way?
Is a curved this way?
So sometimes, these abstractions
aren't sufficiently helpful.
So I probably would have
done what you did as well.
Now let's do one other
example here, if we could.
I'm going to go ahead in just a moment
and project an image onto the screen
that everyone in the audience
can see except you two.
Let me go ahead and re
angle this a little bit.
And if father and son would like
to get together or solo draw
a picture that the audience is
going to tell you how to draw.
So we're going to flip the roles now.
You all will see the
drawing on the screen.
We ask that you tell our
volunteers what to draw.
You can use any words that you want,
but you cannot ask questions and no
physical gestures to explain.
All right.
Unfortunately, it's a little
hard technologically here
in that the solution
is going to be there.
The solution is going to be there.
So we're going to have to put
some visors on you, if we could--
[LAUGHTER]
--so that you can only
see straight forward.
And if you don't mind hugging
the board as close as possible,
but occasionally back up so that
people can see what you're drawing,
but resist the temptation to
look up, over left or right.
All right.
So for our audience then, the images.
And if you two could focus
only on the board now.
Only on the board and definitely
not facing that screen.
OK.
[LAUGHTER]
The audience is about to
see the picture in question.
And so, we need a volunteer
first from the audience
to call out an instruction.
Any step ones?
Over here.
Make a circle.
[LAUGHTER]
I heard a small--
I heard draw a smaller circle.
I didn't hear use the eraser, but OK.
OK.
OK.
No looking at me.
No looking at me.
All right.
So I'll take a third step.
So let's go to someone else.
Yeah.
AUDIENCE: Draw a vertical line.
DAVID MALAN: Draw a vertical line.
AUDIENCE: From the center of the circle.
DAVID MALAN: From the
center of the circle.
AUDIENCE: From the bottom
of the circle and down.
DAVID MALAN: From the bottom
of the circle and down.
AUDIENCE: Large stick figure
that appears to be walking.
[LAUGHTER]
DAVID MALAN: I hear an abstraction.
So we were also given
a fourth instruction.
Draw a stick figure that appears
to be walking, if that helps.
But I think we're going to
need to be more precise here
because I can imagine a stick figure
doing multiple things in multiple--
[LAUGHTER]
With--
[LAUGHTER]
OK.
Maybe step five.
Do we want to make any tweaks?
AUDIENCE: It's an almost
upside down triangle.
DAVID MALAN: Draw an almost
upside down triangle, I heard.
AUDIENCE: For the legs.
DAVID MALAN: Through the legs.
AUDIENCE: For the legs.
DAVID MALAN: For the legs.
AUDIENCE: After the
vertical line coming down.
AUDIENCE: You need to erase the legs.
DAVID MALAN: OK.
I heard erase the legs.
AUDIENCE: Get rid of the arms.
DAVID MALAN: And get rid of the arms.
[LAUGHTER]
OK and step five was?
AUDIENCE: From the bottom of
the vertical line, the body,
make the two legs are like a
triangle without the bottom.
DAVID MALAN: From the
bottom of the body,
draw like a triangle
to represent the legs.
AUDIENCE: But not--
[LAUGHTER]
DAVID MALAN: But not that way.
That's good.
Let's move on to step six.
Step six.
Someone over here.
AUDIENCE: So once they
erase that triangle,
from the bottom of the
vertical line, draw
an upside V, where the
center of the V is touching
the bottom of that bottom line.
DAVID MALAN: From the bottom of the
straight line, draw an upside down V.
I think we did that.
Can you step aside just
so the audience can see?
Now we have a tripod.
OK.
[LAUGHTER]
OK.
OK.
So I think we're there.
I think we're there.
One other instruction.
Let's see if we can take this home.
Yes, right here.
AUDIENCE: Draw a less than symbol,
starting from the base of the middle
of the circle.
DAVID MALAN: Draw a less
than symbol from the base
of the middle of the end of
the circle on the left side.
DAVID: Wait, a less than symbol.
DAVID MALAN: Less than symbol.
Yep.
DAVID: Less than.
DAVID MALAN: Yes.
DAVID: Here?
DAVID MALAN: So this is
what we call a condition.
So, yes.
AUDIENCE: Correct.
DAVID MALAN: Correct, I hear.
OK.
I think we're close.
Two more steps, maybe.
AUDIENCE: To the top of the
circle, write the word Hi
with a capital H and lowercase I.
DAVID MALAN: OK.
From the top left of the head, draw the
word hi, capital H lowercase I with--
I think did you say a line to it?
AUDIENCE: Yes, with a line.
DAVID MALAN: With a line to it.
Yeah.
AUDIENCE: [INAUDIBLE]
DAVID MALAN: OK.
And can you step aside, just
so the audience can see?
I think we need just one more step.
One more step.
OK.
Back here.
AUDIENCE: From the bottom of the
circle on the right hand side--
DAVID MALAN: From the bottom of
the circle on the right hand side--
AUDIENCE: --touching the base of the
circle and the vertical line going
down--
DAVID MALAN: --touching the base of
the circle and the vertical line going
down--
AUDIENCE: --make the letter L--
DAVID MALAN: --make the letter L--
AUDIENCE: --at a 15 degree angle.
DAVID MALAN: I heard
at a 15 degree angle?
Sure.
[LAUGHTER]
OK.
I think-- I think could we have you
take several steps back and look up?
And round of applause
for our volunteers.
[APPLAUSE]
That's pretty good.
Thank you both so much.
Please keep the hats.
Congrats.
So clearly, abstractions can be useful,
but they can also be challenging.
Like programming is hard.
And even though this went a bit off
the rails here and there verbally,
this really is just programming.
And we're all trying to agree on
a common language or common syntax
to use to have the
computer, or in this case,
our human volunteers
execute those instructions.
And sometimes, these
abstractions are great.
Draw a stick figure who
appears to be walking.
I think we can all
visualize what that is.
Unfortunately, we're
all probably visualizing
slightly different stick figures.
And that's, again, where precision
comes into play and correctness too.
Of course, sometimes the chalk
went off in the wrong direction.
So we might have to undo.
And of course, we've spent also the
past eight weeks debugging code as well.
And so, I wish I could say that
this gets easier or just gets
absolutely easy.
But it never does because the
problems you aspire to solve,
whether it's in the real world or
in the world of computer science
and programming, are
going to be ever changing.
And your aspirations
are going to increase.
And so, this frustration
you might feel now never
really goes away, if I can
say as much some 20 plus years
after doing this myself.
But the problems you're solving
with those same challenges
and those same hurdles get so much more
powerful, so much more interesting.
And again, it all started
from just a few weeks ago
when Mario's pyramid was perhaps
the first problem to solve.
If we go back to where we were here,
we had of course our drawings, and then
ultimately this process.
This, I dare say, is computer science.
You have inputs.
You have outputs and
algorithms in between.
But really, what are we talking
about at the end of the day?
Well, the creation of, the output
of, the management of information.
I mean, that really is what we've been
talking about for these past eight
weeks is information.
How do you process it?
How do you represent it?
How do you transform it into
something more and ultimately, solve
problems with it?
But, with this manipulation
of, this creation of,
this storage of information
ever more so these days
comes increasing responsibility.
And I daresay one of the
things that we encourage
you, as you exit a course like
this, is not just what you can do,
but frankly whether you should do it.
And indeed, all the more relevant
today in societies of course stories.
Horrifying stories of
where our data has ended up
or what has happened to our
data, or good intentions
perhaps gone awry because we
haven't considered implications.
And what we wanted to
do today is to point out
a few examples of
opportunities to think harder
about what it is you do in the
real world as just a citizen.
And what you do in the
keyboard as a programmer,
and how you might solve problems with
one's privacy and the security of one's
data in mind.
Consider, for instance, passwords.
These, of course, are perhaps
the most familiar thing
that you and I use probably
every day to secure our accounts,
and in turn maintain the
privacy of our information.
Whether it's our photographs,
or financial documents,
or emails, or text
messages, or the like.
Unfortunately, passwords really
aren't the best mechanism.
And most of us in this room
probably should be more thoughtful
when it comes to making these
kinds of decisions, as well.
For instance, in 2019 already,
based on a very large data breach
and in the analysis
thereof, it turns out
that the top 10 passwords in the world
as of this year are number one, 123456.
[LAUGHTER]
Apparently, the result of
some website or applications
requiring a password of
at least six characters.
And this is about the least amount of
effort you can do to satisfy that goal.
Number two password was 123456789.
[LAUGHTER]
Slightly better.
Slightly more secure
insofar as it's longer.
Number three is qwerty.
And if you don't know what
that means, that actually
describes the type of keyboard.
But because if you go to the top left
hand corner of your keyboard and type
one, two, three, four, five,
six from left to right,
you will end up spelling Q-W-E-R-T-Y.
Easy to remember.
Also, pretty easy for other
people to remember as well.
Password is the number
four password out there.
And number five is, as
of this year, 6 ones.
So another way of satisfying the
constraints that these people
did, but with even less effort.
Just hitting the same key
again, and again, and again.
12345678.
So, slightly behind the other two.
ABC 123.
Starting to get a little
more interesting that we're
combining letters and numbers.
1234567 slips in there as well.
Number nine is password1,
clearly satisfying websites
that require that you
not use an English word
but you include at least one
symbol or letter here too.
Dare say the bare minimum.
And number 10 as of this year is 12345.
So it's easy to poke fun at these and
we won't call for a show of hands.
But odds are some of
us in this room maybe--
don't make eye contact--
have at least one of these
passwords as your own.
It's just all too easy, then,
to guess certainly these.
But even if you're practicing adhering
to better practices than these,
and you're not as
simplistic as I'm going
to pick an easy word or
a very simple number.
Suppose you're actually
being more thoughtful.
It doesn't really matter these days.
I'm going to go ahead and turn my
attention to just a moment to a text
editing program here on my computer.
The students in the room will
recognize this is just representative
of a programming environment.
And today, this just
happens to be something
called Visual Studio
Code, or VS code that you
can download on your own Mac or PC.
And I'm going to go ahead and
just save a file called pin.py.
Many of us have not only
passwords, but pins.
Personal identification numbers that
you're supposed to keep secret and that
are usually, say, six digits long.
Well, even if you've protected your
financial account or some other account
with a six digit code, it might
take a human quite a while
to guess all of the possible
codes that you might have chosen.
But it's not terribly
hard for a computer.
In fact, we'll do it even
more simply like a lot
of times with a four digit code.
I can simply go in a
program like this, if I
know a bit of programming in Python.
And I can say from time import sleep.
I can say something like for I in range.
Well, let's start from 0000
and go all the way up to 9,999.
A four digit number.
But it turns out, we need
to iterate up to 10,000
because the students in the room
will recall that we iterate up to,
but not through that value.
And then in here, I'm going
to go ahead and say something
like, I am checking
this value I. So this
is to say I'm proposing to
write a program in Python that
will try to crack someone's pin
to show how easy it is to generate
as a computer all of the possible PINs
in the world that are four digits long.
So and just to demonstrate
this, I'm going
to do it a little slowly
by sleeping for 1/10
of a second between each iteration.
So I've gone ahead and saved my file.
I'm going to go ahead down here
now and run Python of pin.py.
And I'll go ahead and make my screen a
little taller here so we can see more.
AUDIENCE: Close the parentheses.
DAVID MALAN: Thank you.
Thank you.
Thank you.
New here.
OK.
So here we go.
We've now written a program that,
granted is not cracking anything,
but it is demonstrating how easily and
how quickly we can generate numbers
from 0 on up to 9,999.
It's not quite right.
These aren't four digit codes because
they're being treated as numbers.
But there's actually syntax
with which we can solve this.
And if you've never
seen this before, you
can actually just say
something like this colon 0 4.
And that's just going to reform
my output as being four digits.
And it's going to pat
it with zeros instead.
So boom.
I've written a program that generates
all possible four digit codes.
Of course, I've been deliberately
sleeping, that is pausing,
each time I'm printing something out.
A hacker is not going to do that.
They are going to try to do
this as quickly as possible.
No need for sleep whatsoever.
So let me just rerun this code,
getting rid of those lines.
Boom.
That's every possible
four digit code that you
might have on your bank account or
on some email account or the like,
assuming the system allows you to have
a relatively short number like that.
You might think.
OK.
Well, what's better than four digits?
Five digits.
Let's just increase it.
But I think that adversary is going
to be able to crack that pin as well.
I'm not even over at the screen
yet and it's done already.
It is not hard once you
know how to program, not
only to use these systems for good, but
in this case, for some form of evil.
Now maybe you're off the hook
because you're not as simplistic
as I claim as to use only,
for instance, an alphabetical
or rather a numeric code.
Maybe you're using a word and
not a word as simple as password.
It's a more arcane word from English
or perhaps some other language.
That, too, doesn't really matter.
Let me go ahead and copy from our source
directory today, which for the students
is available online, that large
dictionary that we had from problem
sets five wherein you
loaded all of these words
into a dictionary of your own.
There was 140,000 some odd words here.
I'm going to go ahead and
create another file, though.
This one called password.py.
And recall from some of our building
blocks over the past few weeks
how easy it is to similarly
manipulate words from a dictionary.
Let me go ahead and again,
initially import sleep
just so that we can see this happening.
I'm then going to say with open.
Large in read mode.
And I'm going to call this as file.
And over here I'm going to go
ahead and say now for word in.
I want to say file.
And we've not perhaps seen
this one, but it turns out
there's a really easy Python function
where you can say file dot read lines.
And it's just going to slurp in all
of the 140,000 words from the file
and allow you to iterate
over them one at a time.
And if I want to go ahead and print this
out, I'll use print again, as before.
And I'm going to go and
claim that I'm checking,
for instance, that word dot, dot, dot
just as I claim to be checking a pin.
Now again, I'm not checking anything.
I'm just demonstrating that I could
be checking this fast as by simply
printing out these words instead.
And I'm going to go ahead
and as before, sleep
for a tenth of a second
on each iteration.
But I'm also in anticipation
going to call this function, which
some students will
recall is to strip off
any whitespace at the end of the line.
Recall that in large our big
dictionary, there was a new line
character at the end of every word.
So this line of code will
we'll get rid of this here.
Yeah.
Question over here.
AUDIENCE: What's the
significance of different colors?
DAVID MALAN: What's the significance
of the different colors?
This is happening
automatically in my text editor
the program I'm using to write code.
Each type of word or
blocks of words that I type
have a different semantic
meaning to the computer.
And so, the computer
is highlighting them
in that way to draw my attention
to different types of words here.
For instance, we have this
preposition from that does something
like load someone else's code.
Time, though, and sleep are names of
things that other humans have actually
invented.
So I'm going to go ahead now and
run this as Python of password.py.
We'll see, as the
students will recall, all
of the words in that dictionary
starting with the A words, then the B
words, then the C words, and so
forth all the way down through F.
Now, of course, I'm
sleeping unnecessarily.
But if during this demonstration you
see your own password fly by the screen,
it's not that hard for an adversary
to be writing code like this
and not just printing out
the possible passwords,
but trying to log into your
account again and again
and again until they gain
access to the system.
And in fact, if we deliberately speed
this up, let's not bother sleeping.
We'll get rid of all of the
sleep related lines as before.
Now, run this code.
Now, I'm not even over at the board
and it's already done 140,000 words.
Which is to say if you're
choosing a password that's
just a word in the dictionary, whether
it's English or some other language,
you're not off the hook.
You're not being so clever
because anyone with a computer
can check all of those codes.
Now you might think, well,
this is why someone had abc123.
That's not in the dictionary.
That's not just numbers.
That's not just letters.
But, come on.
If you give me a few more minutes, I
bet we could write a program together
that starts with letters and
ends with numbers or vise versa.
We could try to concoct these patterns.
And granted, it's going
to get a little slower.
A little slower, the
more complicated it gets.
But it can.
The adversary, if the goal is to
get your money, get your data,
might have all the time in the
world to actually wage that attack.
And so, I would consider moving forward
exactly what the implications are
of putting your data
in one place or another
and not thinking to actually
secure it because in the best case,
someone nosily might end up getting in.
At worst case, more than that,
whether it's financial or personal,
might be compromised.
Well, what other forms
does information come
that might hint at potential
threats for us too?
Well you've all probably heard of
cookies, when it comes to the web.
And indeed, if you pursue our web
track in a couple of weeks' time will
you dive in deeper to
what these things can do.
But cookies are little
pieces of information
that websites plant on your
Mac or PC or your phone anytime
you visit the website.
Now, that might seem a
little creepy at first glance
and it can be used for creepy purposes.
Advertising and other such
tracking applications among them.
But this is actually a very useful
primitive and computer science and web
programming, in that
if you have the ability
to plant a little file
on someone's computer,
it's like the digital
version of a hand stamp.
You can remember that
you've seen them before.
And that's actually useful
because when you log into Gmail
or whatever email account
you have, you don't really
want to be typing in your
username and password every time
you look at a new message.
Gmail or Google would
be a little obnoxious
if they kept asking you
wait a minute, who are you?
Wait a minute, who are you?
These cookies are stored on your
computer so that, unbeknownst to you,
it's sent from you, the
browser, to them, the server,
to just remind them perpetually who you
are because you've already logged in.
And we can actually see this.
Let me actually go over to
my browser and you, too,
might be in the habit of using
Chrome just as I am here.
And I can go in Chrome go to View,
Developer, and go to Developer Tools.
And you can do this, too, at
home on your own Mac or PC.
You can do this with Firefox, or
Edge, or other browsers as well.
And you'll see among the various
things that just popped up
are not terribly user friendly.
This is really the domain of
indeed developers or programmers.
But I've clicked on this network tab
here because on my own Mac or PC,
if I visit some url like
www.google.com and hit Enter,
I can actually see inside of Chrome all
of the requests my computer has just
made over the internet
from me to Google.com.
And I'm going to go ahead and click
on the very first of these here.
And this, too, is going to look
pretty arcane for today's purposes,
but it's only meant to reveal
what it is that's going on here.
Let me scroll down,
down, down, down, down.
And you'll see a few things
here request headers.
These are little pieces of information
that my Mac, and in term Chrome,
just sent to Google.com com simply
because I visited the website.
And then if I scroll down here,
we'll see response headers.
This is what's coming back from
Google.com to my own Mac or PC.
And this is the line that's interesting.
If you've ever heard
about a cookie, all it
means when I say a server is
planting some information or a file
on your computer, it's
really just doing this.
The response you're
getting from Google.com
simply says literally in English set
dash cookie colon, and then some value.
And to be fair, that value
is pretty arcane looking.
It looks a little weird.
It apparently is going
to expire in December.
So I can infer from
this that Google wants
to be able to remember
me at least for a couple
more months to the end of the year.
And this value here collectively
would seem to be like a hand stamp
they've put on my computer so that
if I now proceed to do searches,
if I proceed to log into Gmail,
use Google Calendar, or the like,
they know who I am or they know
that it's me again and again.
So what does this mean?
This means that any website
you visit can certainly
be tracking what it is you're
doing and where it is you're going.
And because big companies like
Google have advertising networks
as part of their portfolio, if
a website that's not Google.com
is something else dot com, or
something even else dot com,
and they are using Google's
advertising, well long story short,
these cookies unfortunately are sent.
These digital hand stamps are presented,
not just to those individual websites,
but also to Google again, and
again, and again because they
are the middleman in this story.
The advertising network that's using
ads on all of these different websites.
So here a very fundamentally useful and
compelling computer science principle
can be used certainly for
wonderfully useful applications,
just remembering that I'm logged in.
But also, if you don't
think twice about it
or if you want to make money off of it,
can be used for these other purposes
as well.
Now we won't go down
this rabbit hole today
of well this is largely
advertising what has helped
make the internet become what it is.
So there are trade certainly here,
but that too has been thematic.
But again, I would encourage
you, as you discover
more and more of these principles
these things you can do through code,
that you consider whether indeed
you should be doing so as well.
Well, what else might
you do to mitigate this?
Well some of you might be in
the habit of using at work
or at home incognito mode or private
mode, which most browsers today
support.
Well what is that actually doing?
Well, according to
Google, it says Chrome
won't save the following information,
your browsing history, cookies
and site data, information
entered in forms, and so forth.
Well, that means literally that.
Even if Google or Facebook
or some other website
sends you a set cookie
value saying please
store this, Chrome, in this case,
it's just going to throw it away.
It's going to empty the
cookie jar, so to speak,
once you close that incognito window.
However, your browser is still
sending to Google or Facebook
or whatever website you're
visiting those values again,
and again, and again.
You're not private within
that window, per se.
You're only private within
that window with respect
to everything else you have opened.
So for instance, if I go now here and
go to View, Developer, and Developer
Tools.
And I have my network
tab open again and I
visit something like
https://www.google.com and hit Enter,
you'll see that Google is
indeed still planting a cookie.
This time, I got two cookies
from Google on my computer.
And those cookies will exist for as long
as I have this incognito window open.
So Google might be
able to infer who I am
or that I am the same person
based on these cookies.
But they know even more than that.
If I scroll back down to where
we began to these requests
headers, the information my
browser is sending to the server,
you'll notice that among these
values is something like this.
This one, too, looks a little arcane.
Let me go ahead and zoom in on it here.
But it's called user agent.
It's formatted in the same way.
User dash agent colon.
And then an arcane string here.
But it looks like for
whatever reason, my computer
is telling Google without my even
asking it to that I'm using a Mac,
that I'm running Mac OS 10.14.
6 at the moment.
And if I keep scrolling,
it's going to tell it
further that this is a specific
version of Google Chrome.
And this is just some of the information
that is leaked deliberately and often
for good purposes.
But these are the kinds of traces we
all leave when we're using the internet.
And we won't even go down this rabbit
hole too, but all of our computers
have unique addresses.
You might have heard of
things called IP addresses.
You can't just get rid of
those much like you can't just
remove your postal address and
expect mail to still arrival.
All of us have unique addresses that are
still being presented to these servers.
And so, through computer science,
through courses like this,
and through reading up on these
kinds of topics hereinafter realize
that in understanding these
primitives, these things like cookies
and how they are set
can you at least then,
we hope, make a more informed
decision as to whether to use them
in that way or not or to
visit websites in some way
that you know to be using
them for some purpose.
Well what do we have besides this
to perhaps worry about in the world?
I daresay Snapchat is
pretty popular these days.
And of course, with
Snapchat there's this notion
that they popularized it being able
to delete photos after 1 second or 10
seconds or the like.
And in fact, you all may
recall from problems set four.
You implemented recover
in a language called C
and you recovered photos
that had been deleted.
So clearly already, deleted doesn't
necessarily have to mean deleted.
And that's certainly the case
even for third party services.
Now to be fair, we can only guess how it
is Snapchat works underneath the hood.
They claim to be deleting your
photos after some number of seconds,
but let's consider for a
moment what that might actually
mean because it's our information
we're putting out there,
in this case in pictorial form.
If you've never use Snapchat,
when taking a photo,
you're able to see a screen
like this and allow your message
to expire either never or
infinitely many seconds from now,
or 1 to 10 seconds somewhere in between.
After which, the photo is deleted.
Well what does that mean?
In the context of last week, those
of you with now background in SQL
might hope that what Snapchat
is doing on their servers
is executing a query like this.
Delete from snaps where
ID equals something.
And the question mark represents
the idea of the snap you just sent,
the photograph that you just took.
But maybe they're doing that.
We, as outsiders as users,
have no way to audit this.
We can only trust what they say.
What if they're instead just
doing something like this?
Update snaps, set
deleted equals true where
ID equals question mark, where that
again is the identifier of your snap.
Now what is this representative of?
Well in the world of
computer science, there's
this notion of hard
deletion and soft deletion.
Hard delete means truly
just delete the data,
like throw the bits away so that
they really shouldn't be recoverable.
Soft delete is generally implemented
like this, where you literally
change a 0 to a 1, a false to a true
in your database to just remember oh
the user deleted this.
But that doesn't mean we
have to throw the data away.
This might have value
for marketing purposes,
for analytical purposes,
business purposes, or the like.
So for all intents and
purposes, it's deleted
because you the user can't get it
back and no one else can see it.
But perhaps one or more employees
at Snap can see that data.
And perhaps, that's
the kind of data that's
at risk of being leaked out longer term.
And we've not even discussed things
like backups, which too have upsides.
You don't want your data
to get lost, but you also
don't want your data to get stuck on
some backup in perpetuity as well.
So the lesson here we would
propose is just consider.
Don't just trust what some tool
or some application or developer
says something does.
Decide for yourself just how
much weight to give those claims
and whether or not this kind
of risk is worth taking photos
that you might regret, or wish
to unsend because there really
is no notion of unsending, no
matter what it is these applications
describe it as.
One last one that we saw
just a couple of weeks ago.
Photo, the ability to tagged photos
using artificial intelligence
and machine learning these days,
or just simple pattern matching
was incredibly easy and a few lines
of Python code to pick me out,
for instance, out of all of CS50 staff
based on relatively little information.
This is enhanced, the closest thereof.
This is a fuzzy picture.
Didn't represent it really
just by two eyes, a nose,
and a mouth that apparently
resembles my particular face.
This was really easy to do.
And I don't have to tell you these
days that if you're on social media,
all of us have probably been
uploading or have had upload
on our behalf photographs
of us that are then tagged
and we have for better or for worse
been just telling the world what
we look like from all sorts of angles.
And here too, can the
data perhaps be misused.
Yes, it's wonderfully useful when you
upload an album because your friends
can see oh, that was a great night out.
We can now reminisce
about those memories.
But someone else can be
scraping all that data,
as we have read about
having happened in the past.
And someone else might use that
data to find you in a crowd
where you don't want to be found.
Or governments could do this
too, based on driver's licenses
photos or the like.
Here, too, just because the
software can do something
doesn't necessarily
mean we should do that.
So we have all of these building
blocks underneath our belts
now from week zero on through up eight.
We have a number of
languages under our belts.
And for the final weeks of the
class is the goal ultimately,
to take off the last
of the training wheels.
In fact, the training wheels we
literally took off just a few weeks ago
are sitting over there now.
And now, is there an
opportunity for you in the weeks
ahead as the students in the room
to decide on your follow on tracks.
All toward an end of
CS50's final project.
And among the tracks, for
instance, that are on the horizon
for your web programming.
This is taking primitives
like we just saw there,
using JavaScript, HTML, CSS,
plus some more Python and SQL
which you've seen over the past couple
of weeks, to build applications.
This particular track will
be led by CS50's own Brian.
And among the projects you'll
tackle over the coming weeks
are something like this.
CS50 finance, so to speak,
which is a web based application
via which you can buy quote unquote
and sell quote unquote stocks using
real time data from an actual API,
application programming interface,
to get the latest prices for
stock symbols in the world.
So you and this track will build this
application complete with the ability
to log in, to log out, to buy stocks,
sell stocks, all using virtual dollars
and using a SQL database underneath the
hood to keep track of that information.
If you pursue the mobile track
instead, applying your past eight
weeks of skills and concepts to a
domain familiar to you and the phone
you have in your own pocket can
you explore programming on iOS
or iPhones with a language called Swift.
Or if you're an Android user exploring
that domain instead, using a language
called Java.
In this track, you'll be led by CS50's
own Tommy McWilliam, who will guide you
to a number of projects,
one of which implementing
your own Pokemon decks, a sort of
Rolodex for Pokemon characters,
including all of the native
user interface elements that
come with both iOS and Android.
You'll be able to explore an Instagram
like application reminiscent of some
of the filters that you
did in problem set four.
But this one will be interactive and
on your own device or in a simulator
much closer to the app, whether it's
Instagram or Snapchat that you yourself
are familiar with.
And then lastly in this track
will you implement your own note
taking application.
The ability to add and remove
information to keep track of todo's,
whether it's a grocery list, class
schedule, or something else altogether.
And then lastly, you have the
choice of CS50's games track
using a language called Lua.
This is a language that
facilitates implementing games
and many other applications as well.
And CS50's own Colton
Ogden will introduce you
to a couple of applications, some
of which our parents in the room
might recall.
This was one of the first games
ever implemented on a computer,
for instance.
Not to date people in the room.
But this is a game called Pong.
And it's relatively simple mechanically.
You move these white paddles up, down,
up, down, on the left and on the right.
And this little ball back in my day was
represented with a pixel, if you will.
That ball is going to bounce back
and forth against those paddles.
So you have to figure out
exactly how to do the reflections
and how to implement that interface.
And then, as is consistent with the
CS50's theme of beginning with Mario,
you can end the semester
with Mario again,
implementing your own version of Super
Mario Brothers, which is representative
of a two dimensional side
scrolling game, so to speak,
implementing this on your own Mac
or PC using your own computer.
Indeed, for each of these tracks do
you no longer need to use CS50 IDE.
And while you're welcome to
for at least the web track,
you can now use tools that are freely
available and are the types of tools
you'll use after this
course, in the real world.
The goal of the final few weeks of the
class is indeed this final project.
The goal of which is
to apply these lessons
learned now to a project
of your own design.
In the coming weeks when you
propose and then design, and then
implement your final project inspired
perhaps by any of those tracks,
you'll be able, for instance, in the web
track to download Python, the language,
and in turn, the interpreter, onto
your own Mac or PC and use it.
You can use a popular tool
like I used briefly today,
Visual Studio Code, which is a
free and open source tool that's
gaining momentum in industry
because it's relatively accessible
and has lots of features many
more than CS50's own IDE.
Xcode, by contrast, is what
you'll use if you're using a Mac
and developing an iOS project
for your iPhone because of that
being the software that
Apple provides for that.
Or in the worlds of
Google's, Android Studio,
a free tool that you can use to build
those Android applications as well.
But how are we going
to get there and how
will we support you along the the way?
So there's this tradition in CS50 for
the past decade of a CS50 hackathon.
This is an event that will begin
at 7:00 PM sometime in December
and will end at 7 AM the next night.
But unlike most, for
instance, all night affairs,
this one will be entirely focused
on building something and creating
something alongside all of your
classmates and all of your staff,
including some of our
friends from Yale as well.
Upon arrival, we'll all CS50 staff
greet you at the top of the stairs
where you check in, get
settled for the night,
and ultimately spend those 12
hours working theoretically
on your final project.
Perhaps, even putting the
finishing touches on it here.
One of the rooms from across the river
where the event is held, this I think
is shortly after a bug was
fixed later that night.
But along the way, there will be
made several meal times as well.
We're in the habit of providing 100 of
burritos from Philippe's around 9 PM.
Domino's kindly brings a few
100 pizzas around 1:00 AM.
And then, if you're
still awake at 5:00 AM,
will some Harvard shuttles take us too.
And our therapy dog who
will also be in attendance
will take us down the road
to Ihop for pancakes at 5 AM
if you would like to join us there.
[LAUGHTER]
And after that is the final, the
one final capstone to which everyone
in this room parents
and families as well are
invited as are all faculty and staff
across campus, is the CS50 fair.
A campus wide exhibition of all
students final projects at which you'll
be to which you'll bring your laptop.
We'll have music, and popcorn,
and candy, and friends,
and alumni from industry.
And it really is meant to be
this exhibition of in celebration
of the final projects you by that
point a month hence will have created.
Its at central Harvard
Square in the Smith center
and will you be greeted
by such visuals as these.
Our friends at Yale will be
doing the same in parallel.
And it's just an opportunity to
see what you and your friends
have done to invite them as well to
see what you've accomplished this term.
And to ultimately share
in the kinds of projects
that you've both created with
a few passers by here, as well.
And here is where I wanted to
thank the staff, not only those who
helped run the show in the room here.
But also a few of the course's
heads, literally heads.
This here is CS50 staff here
in Cambridge this past year.
All of our teaching fellows, course
assistants, producers, and the like.
These are our team
members at Yale, where
the course is indeed held in parallel.
And there is a few faces we
wanted to call in particular.
Rodrigo, our head teaching fellow
who sadly is graduating, but has
been with the course for so many years.
Emma, who is currently our head CA,
will take over as head teaching fellow
this coming year.
And of course, Brian,
many of whom you know
as the course's preceptor
who himself holds
both of those roles over
the past couple of years.
But this is where we'll
end just as we began.
2/3 of you eight weeks ago
had never taken CS before.
And when we surveyed you
as to your comfort levels,
you might recall this breakdown.
That over some 49% percent
of you described yourselves
as among those less comfortable
just with the idea of taking,
shopping, let alone staying
in the course like CS50.
16% of you described
yourselves as more comfortable.
And 35% described yourselves
as somewhere in between.
As you now embark on your final
projects of your own choice,
I can officially decree that you
are all now more comfortable.
This then, was just the
beginning of your journey
toward the end of these final projects.
Thank you all, too, for coming today
and for joining us this semester.
This was CS50.
[APPLAUSE]
