Teaching programming in schools

[Chunky]

Possibly overkill, but have yo thought of dual booting the PC into a vanilla xp image?

Alternatively, maybe booting XP from an external hard drive / having drives that can be removed (in caddys) at all other times?

Just a thought,

Chunks.

[p858snake]

Just remember, whatever they program can only do what they would normally be able to do (unless they program it to run as another user).

PHP/MySQL doesn't need to be run from C:, for example there is a portableapps version of XMPP, and I know both the XMPP/WAMP packages can be run from other drives, you just need to make sure you fix up all the references in the config files.

During learning PHP and MySQL in class I never really had a issue except for creating the Installers in VB.Net but that might be because my teacher wrote the textbooks for both (he also sells them online, if anyone wants a link).

Also we used the normal user login environments for this as well (but got given C: access because the wamp packages were last minute rollouts).

[Chunky]

Just remember, whatever they program can only do what they would normally be able to do (unless they program it to run as another user).

Correct in theory, but not in practice. When code is written to utilize vunerabilities, it is often done in a way that negates the issue of permissions. (hence why it's a vunerability).
Sorry if it appears a bit picky - you're right in general, but with respect, thought it was worth pointing out.

Chunks

[fafster]

Teaching web programming may be a good route. They can still learn the fundamentals (recursion, selection etc) but they'll also see immediate results. It's easy enough then to create subfolders within the web directory the server uses, and set up folder permissions so that they can only access their own folder via the filesystem.

[srochford]

Correct in theory, but not in practice. When code is written to utilize vunerabilities, it is often done in a way that negates the issue of permissions. (hence why it's a vunerability).
Sorry if it appears a bit picky - you're right in general, but with respect, thought it was worth pointing out.

Chunks

But that vulnerability is there whether or not you allow them access to programming tools.

Many of the Internet Explorer vulnerabilities give elevated rights when you visit a "bad" website - your pupil hacker doesn't need programming facilities in school, they just need to set up a web page elsewhere (even on their home PC) which they then visit from school.

Stopping kids doing programming will rarely protect you against vulnerabilities.

[Chunky]

But that vulnerability is there whether or not you allow them access to programming tools.

Many of the Internet Explorer vulnerabilities give elevated rights when you visit a "bad" website - your pupil hacker doesn't need programming facilities in school, they just need to set up a web page elsewhere (even on their home PC) which they then visit from school.

Stopping kids doing programming will rarely protect you against vulnerabilities.

I never said it would. Giving them programming tools massively increases their arsenal of ways to access these, and in different ways. You can limit the number though, by not doing this, or doing it on a non-live system. (such as an external rebuildable drive, or a Virtual image)

What was originally said was that "Just remember, whatever they program can only do what they would normally be able to do (unless they program it to run as another user)."

Where this is invorrect by the virtue that without the programming facilities, the number of ways to access vunerabilities is massively reduced, and that the dependance of users permissions can largely be negated) - It's far easier to target vunerabilities via programs than simple web-page hacks.

Chunks.

[garethedmondson]

For those who are interested in coding at school there is a group:

Computing At School

Which looks at this sort of thing. It's run by Simon Peyton Jones of Microsoft. There is a Google group which houses a lot of programming links suitable for kids etc.

Regards

GJE

[StewartKnight]

Laptops?

[Ric_]

Small Basic works as limited users and AFAIK shouldn't open up any vulnerabilities. It also offers a transition to VB when required.

[srochford]

Where this is invorrect by the virtue that without the programming facilities, the number of ways to access vunerabilities is massively reduced, and that the dependance of users permissions can largely be negated) - It's far easier to target vunerabilities via programs than simple web-page hacks.

Chunks.

I think you're completely mis-understanding the kind of vulnerability which is most common. If I want to hack into "your" computer, I don't sit down at your computer and write code. I sit down at my computer and write code which I put on a web site. I then persuade "you" to visit my web site and that then exploits the vulnerability on your computer and gives me control.

Stopping kids programming at school simply has no effect on that attack vector and I really don't like the "we can't allow programming at school because kids might do something bad" attitude!