Posts

Posted on

Authentic PBL Experience in Software Engineering

Project-based learning (PBL) is a teaching approach that has recently gained popularity. It allows students to develop real-world problem-solving skills by working on a project in a classroom setting over an extended period. In software engineering, project-based learning has become a common approach to teaching students how to develop high-quality software. However, there has been debate over the authenticity of these projects, with some arguing that it does not accurately reflect real-world software development challenges and complexities. In this post, we will analyze the authenticity of a course-based software engineering project and how it can be improved to better prepare students for the challenges of the software development industry.

Software engineering Lifecycle and ISTE

The International Society for Technology in Education (ISTE) contains a set of standards for students to use technology effectively for learning. The 4th ISTE standard for students is:

    This standard highlights the importance of students using digital tools to manage projects, solve problems, and make informed decisions, as well as the ability to think critically and analyze risks in design, which are essential skills in modern software development.

    The software development lifecycle embodies ISTE standard 4 for students, emphasizing the importance of producing high-quality software. The lifecycle comprises four primary stages: specification, design, implementation, and maintenance. The specification stage involves gathering and documenting the software requirements, while the design stage focuses on planning and structuring the software. The implementation stage is dedicated to developing and testing the software, and the maintenance stage involves monitoring and updating the software to ensure that it remains functional and usable over time. Each stage is an iterative process that produces partial outputs of the final deliverables.

    Teaching the software engineering lifecycle in a classroom can present several challenges. One of the main issues is that software development is a highly dynamic process that is difficult to replicate in a classroom setting. Classroom projects may lack the same complexity or scope as real-world software projects, which can hinder students’ understanding of the software development lifecycle. Additionally, classroom environments may not provide students with the same level of exposure to real-world tools and technologies commonly used in software development (Kay et al., 2000). To address these challenges, the following project design outline is intended to enhance the effectiveness of a PBL software engineering project by integrating real-world elements.

    Project Design

    This project design methodology draws inspiration from the backwards design approach (Wiggins, 2005), and it has been compiled from three PBL projects by Shekar et al. (2014), Abad et al. (2019), and Spichkova et al. (2015) that were effectively carried out.

    Through the project, students will understand the fundamental software lifecycle process and the reality of rapid changes in real-world requirements. They will also learn about the critical role of effective communication in ensuring customer satisfaction and the importance of maintaining quality standards throughout a software development project.

    The software project aims to improve students’ hard and soft skills. Hard skills, which are measurable and specific, consist of software development skills in a particular language or framework, project planning, and written communication. In contrast, soft skills are personal attributes that enable students to collaborate effectively, such as teamwork, decision-making, communication, and organization.

    To demonstrate a student’s understanding, the following evidence is required: appropriately documented changes made to the software at appropriate intervals, effective communication with the customer, including asking relevant questions, and the production of working software at the end of the development cycle that adheres to proper design and testing procedures.

    Shekar et al. (2019) have proposed a set of assessments that should include the following elements:

    • A project proposal that aims to replicate the initial phase of the software development lifecycle, including customer communication.
    • A detailed design that specifies various alternatives and justifies the selection of the chosen design.
    • A demonstration of the final product that establishes the student’s ability to effectively communicate their solution and exhibit a functional end product.
    • The final project report that confirms that the software product was constructed according to the proposed design and testing procedures during the entire software development process.
    • A self-reflection component that involves maintaining a journal that records successes, failures, and evaluations of team members.

    Best Practices

    Software Engineering educators encounter a significant challenge in balancing the provision of a realistic experience and maintaining classroom control when designing a project. The guidelines and best practices presented below are once again derived from successful project designs outlined in Shekar et al. (2014), Abad et al. (2019), and Spichkova et al. (2015).

    1. Provide real-world connections and real industry experience. Providing inadequate project specifications and forcing requirements to change can effectively challenge students and prepare them for real-world scenarios. A vagueness in the problem description from the client will force students to ask questions and shape their requirements-gathering workflow. Furthermore, a requirements change later in the process can force students to adapt and develop explicit change management skills (Abad et al. 2019).
    2. Include flexibility and team-oriented decision-making. In the approach by Abad et al. (2019), students can exercise flexibility in their development process by selecting from various software process models, including Opportunistic, Waterfall, Spiral, Concurrent, or Scrum, and justifying their choice of methodology for their system development. They can also modify their chosen process model as the project advances. Similarly, in Spichkova et al.’s (2015) approach, the design architecture incorporates a team-oriented decision-making component to encourage collaborative decision-making among team members.
    3. Focus on team dynamics. Effective teamwork is a critical factor in the success of a project. It is essential to clarify that everyone has an equal role and that all team members share ownership of the code base (Sepahkar et al., 2014). According to Bates (2022), another crucial aspect is establishing an interactive and asynchronous communication medium which all team members can access and utilize. Examples of such mediums include Facebook messenger, MS teams, and Discord. This fosters a collaborative environment where all team members are accountable to each other and can respond promptly to ensure the success of the project.
    4. Include personal reflections. Shekar et al. (2014) suggest incorporating personal reflection journals at each stage of the development process. This gives students a high-level view of the entire process and allows them to reflect on their progress. In the reflection journal, students should consider what went well during each stage, any unexpected difficulties they encountered, how to improve pacing, engagement, and assessments, and how to align each stage more closely with the primary objectives of the iteration.

    Conclusion

    Providing an authentic project-based learning experience in software engineering can be a challenging but rewarding experience for software engineering educators. By designing projects that simulate real-world scenarios, students can develop both technical and soft skills that are crucial for success in the software development industry. Moreover, incorporating assessment strategies that align with the software development lifecycle and emphasizing effective communication, collaboration, and self-reflection can enhance the learning experience for students. By following the guidelines and best practices proposed, educators can strike a balance between providing students with a realistic experience, maintaining classroom control, and preparing them for the challenges and opportunities in the software engineering industry.

    Reference:

    Kay, J., Barg, M., Fekete, A., Greening, T., Hollands, O., Kingston, J. H., & Crawford, K. (2000). Problem-based learning for foundation computer science courses. Computer Science Education10(2), 109-128.

    Sepahkar, M., Hendessi, F., & Nabiollahi, A. (2015). Defining Project Based Learning steps and evaluation method for software engineering students. International Journal of Computer Science and Information Security13(10), 48.

    Spichkova, M. (2019, November). Industry-oriented project-based learning of software engineering. In 2019 24th International conference on engineering of complex computer systems (ICECCS) (pp. 51-60). IEEE.

    Shekar, A. (2014, June). Project-based learning in engineering design education: sharing best practices. In 2014 ASEE Annual Conference & Exposition (pp. 24-1016).

    Wiggins, G. P., & McTighe, J. (2005). Understanding by design (2nd ed.). Association For Supervision And Curriculum Development.

    Bates, A. W. (Tony). (2022). 7.5 Broadcast or interactive media? Pressbooks.bccampus.ca. https://pressbooks.bccampus.ca/teachinginadigitalagev3m/chapter/8-3-broadcast-vs-communicative-technologies/

    Abad, Z. S. H., Bano, M., & Zowghi, D. (2019, May). How much authenticity can be achieved in software engineering project based courses?. In 2019 IEEE/ACM 41st International Conference on Software Engineering: Software Engineering Education and Training (ICSE-SEET) (pp. 208-219). IEEE.

    Posted on

    Crap Detection for Node Package Manager

    Open-source software allows the source code to be freely available to the public, allowing anyone to inspect, modify, use, or distribute the code. It is typically developed and maintained by a community of volunteer developers who collaborate and contribute to the project. According to the Linux Foundation, open-source code is used in 70-90% of every software found today (A Summary of Census II: Open Source Software Application Libraries the World Depends on – Linux Foundation, n.d.). Most of this code is a result of open-source development frameworks.

    Open-source development frameworks are libraries of code and tools that provide a foundation for building software applications efficiently by supplying reusable components. Using open-source development frameworks can help streamline the software development process and reduce the time and effort required to build applications from scratch. Frameworks can be used for creating a wide range of software, including web, mobile, and desktop applications.

    Development frameworks typically rely on package managers.  A package manager is a tool that helps manage the libraries, dependencies, and other components needed for a project. Using a package manager, developers can automate installing, updating, and tracking libraries needed for their projects. Many package managers employ a team of reviewers who review every request to push new updates to the repository. However, some frameworks may include public repositories in which anyone can upload their packages for the community. The Node Package Manager (NPM), which runs on the JavaScript open-source framework NodeJS, is one of the most popular public repositories and thus makes it a target for harmful activity. 

    Types of Malicious Code

    Several types of malicious code can exist on NPM, including:

    1. The most obvious is that some packages themselves may contain malicious code, such as backdoors, trojans, or malware, that can harm the software or compromise the security of the system it is installed on. In other cases, malicious packages may simply lie about what the package does, instead running damaging commands such as modifying system files, altering settings, or collecting and transmitting sensitive data without the user’s consent. For example, a data-stealing package was uncovered in late 2022 after going undetected for over a year (NPM Malware Attack Goes Unnoticed for a Year | TechTarget, n.d.). There has also been an increase in crypto mining malware on NPM in 2022. These malware packages contain code that mines cryptocurrencies on the computer of the person who installs the package, using their system resources without the user’s knowledge.
    2. Supply Chain Attacks. Packages on NPM may have dependencies on other packages that contain vulnerabilities, which can put the developed software at risk if the vulnerabilities are not detected somewhere in the chain. (Ellison et al., 2010)
    3. Malicious code could be hidden in packages that have suspiciously similar names to popular and frequently used packages. These are known as typo-squatting and combo-squatting attacks (Vu et al., 2020). For example, in 2017, a popular package called ‘cross-env’ was typo-squatted and malicious code hosted on a package called ‘crossenv’ preyed on developers who accidentally misspelled the package name. (Npm Blog: ‘Crossenv’ Malware on the Npm Registry, n.d.)
    4. Stealing credentials of legitimate NPM accounts and pushing malicious code onto its repository (Vu et al., 2020)

    Information Literacy on NPM

    The term crap detection is used describe a process of deciding whether something found online is true. To help analyze packages for possible malicious code, several studies have been done on lightweight NPM vulnerability auto-detection tools. They are very effective. In most cases, with over 90% success rate (Sejfia et al., 2022) and able to identify exact types of vulnerability (according to OWASP) with a high degree of accuracy (Brito et al., 2023). They are, however, not perfect, and we, as developers, must do our part to avoid falling into the pit of malicious intent. Here is a summary of recommendations from the studies. I am basing this on the C.R.A.A.P. and S.I.F.T. tests for information literacy, I will call this the F.I.S.T. test for NPM literacy:

    • Package Frequency of download and package updates: The NPM website contains the weekly downloads of every package on the repository. The Frequency of maintenance of a package also gives information about the safety of use, check the last publish date to see how active this project is. Projects that are not actively maintained or have low weekly downloads are a cause for concern.
    • Inspect the code: Before installing a package, review it to ensure it doesn’t contain any malicious code. Go to the package’s Github account and quickly scan the code for malicious behaviour. Look for things like email dependencies, non-consensual sending of HTTP requests, etc. This may be difficult for beginners of a framework.
    • Use Secure sources: Only install packages from trusted sources like NPM or verified package managers like yarn. From the NPM website, verify information about the package’s publisher, such as the publisher’s website and social media accounts. If they have very little information online, it may suggest they are trying to hide something.
    • Use auditing Tools: Use security tools like npm audit, which scans installed packages for known vulnerabilities, to help you identify and mitigate potential security risks. npm audit will look at existing packages in your system, but since you can only run this command after the package has been installed, it may already be too late. Alternatively, there are also many NPM rating tools. Spectralops.io lists the Top 5 NPM audit tools in 2022. Among them are Synk and SpectralOps. Both tools provide reviews and ratings of every NPM package. Search the packages you intend to use to check its rating and to ensure they are not on the known vulnerabilities list. A package with low ratings or negative reviews may indicate potential security issues.

    NPM Improvements

    Other solutions are suggested to improve the existing architecture and workflow of the package managers themselves. This includes:

    • Updating NPM policy to allow automatic updating to the latest version of a package to mitigate technical lag (the time it takes a developer to recognize a malicious package and update it)
    • securing critical accounts on NPM,
    • providing trust scores for developers, and
    • eviction of typo- and combo-squatters.

    (Kaplan et el. 2021)

    Conclusion

    The Node Package Manager (NPM) is a powerful tool that helps software developers manage and share the packages they use in their projects. It provides an array of community packages which can be added to the software while enabling developers to write and share code with the community. However, with its growing popularity and widespread use, knowing how to perform crap detection on NPM effectively is a valuable asset for any modern developer looking to improve their information literacy skills.

    References

    A Summary of Census II: Open Source Software Application Libraries the World Depends On – Linux Foundation. (n.d.). Www.linuxfoundation.org. Retrieved February 5, 2023, from https://www.linuxfoundation.org/blog/blog/a-summary-of-census-ii-open-source-software-application-libraries-the-world-depends-on#:~:text=Introduction

    NPM Blog: ‘crossenv’ malware on the npm registry. (n.d.). Blog.npmjs.org. Retrieved February 4, 2023, from https://blog.npmjs.org/post/163723642530/crossenv-malware-on-the-npm-registry.html

    Vu, D.L., Pashchenko, I., Massacci, F., Plate, H., Sabetta, A. (2020). Typosquatting and combosquatting attacks on the python ecosystem. 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), pp. 509–514.  

    Ellison, R. J., Goodenough, J. B., Weinstock, C. B., & Woody, C. (2010). Evaluating and mitigating software supply chain security risks. Carnegie-Mellon Univ Pittsburgh PA Software Engineering Inst.

    Kaplan, B., & Qian, J. (2021). A survey on common threats in npm and pypi registries. Deployable Machine Learning for Security Defense: Second International Workshop, MLHat 2021, Virtual Event, August 15, 2021, Proceedings 2 (pp. 132-156). Springer International Publishing.

    NPM malware attack goes unnoticed for a year | TechTarget. (n.d.). Security. Retrieved February 4, 2023, from https://www.techtarget.com/searchsecurity/news/252525968/NPM-malware-attack-goes-unnoticed-for-a-year#:~:text=The%20researchers%20said%20that%20by

    Brito, T., Ferreira, M., Monteiro, M., Lopes, P., Barros, M., Santos, J. F., & Santos, N. (2023). Study of JavaScript Static Analysis Tools for Vulnerability Detection in Node.js Packages. ArXiv. https://arxiv.org/abs/2301.05097

    Sejfia, A., & Schäfer, M. (2022). Practical Automated Detection of Malicious npm Packages. ArXiv. https://doi.org/10.1145/3510003.3510104

    Posted on

    Are Limitations to Screen Time Necessary?

    According to the American Academy of Pediatrics (2013), it is recommended that parents limit children and teens’ entertainment screen time to no more than two hours daily, stating that an increase in screen time has been linked with eye problems, violence, cyberbullying, obesity, lack of sleep, and academic decline. They quickly note that this is not a significant cause of these problems, and this information should be balanced with educating your kids about these factors. Despite this, I find this to be a gross generalization. Studies have shown that culture and class affect the amount and the type of technology children are exposed to (some are good, and some are not). Benefit from technology is greatly affected by family context (Konca, 2021).

    Fraser Health, the leading health authority in B.C. Canada makes a similar recommendation of 2 hours a day (Screen Time for Children, n.d.), stating that parents should instead “Choose activities such as playing outdoors, reading or crafting over screens.” However, e-readers and tablets offer the storage of thousands of books, and web-enabled devices can give extra information on books at your fingertips. Or is reading not considered entertainment? What if I enjoy reading?  Also, who does crafts without the use of a tablet? Do you have craft ideas off the top of your head?

    Personally, I do not limit screen times for my six-year old son, Jacob.  There are days that he spends seven hours in front of a screen, and there are days that he spends less than an hour.  The important thing is that he is learning something from the experience. Screen time can be used to develop digital, creative, problem-solving, communication, social, and goal-setting skills  (Using Screen Time and Digital Technology for Learning: Children and Pre-Teens, n.d.). Currently, Jacob primarily plays two games: Geometry Dash and Mario Maker. On the surface, both games provide no educational value. The former even contains many elements, such as photosensitivity and loud music, that have been known to cause seizures in players (Millichap, 1994). I have found that these games provide benefits from every category listed above, teaching children to collaborate on building levels and giving feedback to peers. Besides learning online etiquette, reading, and typing skills, Jacob has gained extensive practical knowledge about game mechanics like angle rotations, alpha transparencies, z-index, collisions, conditional structures, and counters.  Some of these concepts I am teaching to my university students.

    So to all health authorities: I agree with your other recommendations. Please consider deleting or altering the gross generalization of time limitations (or at least clarify it further). Otherwise, each time Jacob plays a game, I will need to set a timer on my phone, which will cut into my two hours of screen time.

    References

    Konca, A. S. (2021). Digital Technology Usage of Young Children: Screen Time and Families. Early Childhood Education Journal. https://doi.org/10.1007/s10643-021-01245-7

    American Academy of Pediatrics. (2013). Children, Adolescents, and the Media. PEDIATRICS132(5), 958–961. https://doi.org/10.1542/peds.2013-2656

    Screen time for children. (n.d.). Fraser Health. Retrieved January 22, 2023, from https://www.fraserhealth.ca/health-topics-a-to-z/children-and-youth/physical-activity-for-children/screen-time-for-children#.Y8zGYezMJqs

    Using screen time and digital technology for learning: children and pre-teens. (n.d.). Raising Children Network. Retrieved January 22, 2023, from https://raisingchildren.net.au/school-age/school-learning/learning-ideas/screen-time-helps-children-learn#:~:text=Screen%20time%20can%20help%20children

    Millichap, J. G. (1994). Video Game-Induced Seizures. Pediatric NeurologyBriefs8(9), 68. https://doi.org/10.15844/pedneurbriefs-8-9-5

    Posted on

    Feedback in Gamification App

    Motivation

    Gamification and Game-based learning are well-studied fields in education, the effects of which generally positively impact learning. From ISTE standard 1.1.c “Students use technology to seek feedback that informs and improves their practice and to demonstrate their learning in a variety of ways.” (Brooks-Young, 2017), the question that I set out to investigate is: How effective is gamification in a learning tool in terms of feedback to a student? The conclusions in this post will help improve a programming practice web application currently in development. The current iteration of the application has a series of programming challenges that a student can work through.  The student can submit a program to any programming challenge and immediately receive a ‘pass’ or ‘fail’ on the problem.  I aim to determine what game components and digital feedback techniques should be added to improve this online tool.  The long-term use and integration of such a tool into a classroom setting to provide teachers a tools for providing practice problems for students. Under the TPACK model, the pedagogical view would be a game-based learning tool that allows students to level up as they gain more experience, the technology would be the programming platform on the web application, while the content knowledge would be gained by the programming itself.

    Gamification, Game-based Learning, and Serious Game

    In Teaching in a Digital Age, the author distinguishes between the following terms. Serious games are game-like interactive systems and “are referred to as entertaining tools with a purpose of education, where players cultivate their knowledge and practice their skills through overcoming numerous hindrances …” (Zhonggen, 2019, cited in Bates, 2022). Game-based learning is “the pedagogical approach of utilizing games in education.” (Anastasiadis, Lampropoulos and Siakas, 2018, cited in Bates, 2022). Gamification is the “use of game design elements in non-game contexts” (Deterding et al., 2011, cited in Bates, 2022). Game design elements for gamification include player profiles, experience points (XP), levels, badges, leaderboards, team collaboration, quests, social graphs, and certificates.

    According to these definitions, my tactic is the gamification of an existing learning tool using a game-based learning pedagogical approach.  I would not call the current web app a serious game since it does not possess game-like characteristics. It is widely accepted that gamification increases the app’s usability, so we seek to find the types of feedback that would prove most beneficial for the programming app.

    Feedback

    There are primarily two forms of feedback: explanatory and corrective. Both types of feedback inform the player of the correctness of their answer, but explanatory feedback provides the player with an additional principle-based explanation. Currently, my application provides only corrective feedback. A 1993 study using a digital game designed to teach environmental principles found “… that a version incorporating explanatory feedback significantly improved recall performances compared with a version where no feedback was available”. (Leutner, 1993, as cited in Erhel et al., 2013). Another study “… of the Design-A-Plant game showed that the use of explanatory feedback improved learners’ transfer performance more than corrective feedback did.” (Moreno and Mayer, 2004, cited in Erhel et al., 2013).

    It is also essential to distinguish between generic and tailored feedback and negative and positive feedback. Generic feedback is a general statement, whereas tailored feedback is specific to the player.  Negative feedback focuses on improvements that can be made, whereas positive feedback focuses on what the player did well during the last session. It is found that negative feedback is most effective when the player immediately has another turn, and positive feedback is more effective when the turn is delayed or non-existent (Burgers et al., 2015, cited in Welbers et al., 2019). Another study found that generic feedback was more effective than tailored feedback. This contradicts conventional thinking, and the authors quickly noted that it was due to corrective feedback. It is conjectured that tailored explanatory feedback, especially if accompanied by hints tailored to the player, could encourage participation (Welbers et al., 2019).  

    One theme prevalent in these studies is the idea of instant feedback within games. Azumi (2015) highlights the addictiveness of massive multiplayer online role-playing games (MMORPG). These games require players to work together to accomplish a goal. Including a gamified collaboration element benefits programming education students in the learning process as they attain immediate feedback from peers (Azumi, 2015). In fact, “feedback in serious games and game-based learning can also take the form of responses from dialogues with non-player characters or instant feedback messages related to game controls and challenges performed.” (Laine & Lindberg, 2020, cited in Krath, 2021). Intuitively, immediate feedback allows players to make instant adjustments to quickly correct failures and set new goals.

    Other Lessons Learned

    Although unrelated to feedback, it is interesting to note that gamification applications in Computer Science have mixed results. A gamification platform that contained game dynamics was used to teach a course in Software Engineering where the students did not feel interested in the gamified environment. It is conjectured that older students and those who have much experience with lecture-based learning is less receptive of game-base learning (Berkling and Thomas 2013, as cited by Nah). On the other hand, a course in Information Systems and Computer Engineering introduced multiple game design elements into the course design itself. This increased student engagement and lecture attendance but did not significantly improve student grades (Barata et al., as cited by Nah). We must ensure that online tools do not replace the programming learning experience which only comes from solving real-world problems.

    Conclusions:

    From the readings and conclusions above, the following actions should be taken to incorporate gamification elements in the programming application. 

    1. Since a student can debug, alter, and resubmit an incorrect program immediately, the application should give immediate negative feedback, displaying elements of the code or test cases that failed in the execution of a program.
    2. Lessons should be drawn from the MMORPG. We should add a collaborative element, allowing students to form teams to solve problems.  Students can gain peer feedback and also benefit from developing a personal learning community.
    3. Welbers et al. (2019) noted that tailored explanatory feedback might encourage player engagement and participation. One way to do this is to give feedback by sending weekly progress reports and questions tailored to the user’s skill level.
    4. Programming challenges beyond a student’s skill level should be hidden until the required experience points are attained. This is a form of positive feedback which is most beneficial when the game play is delayed.

    References

    Erhel, S., & Jamet, E. (2013). Digital game-based learning: Impact of instructions and feedback on motivation and learning effectiveness. Computers & Education67, 156–167. https://doi.org/10.1016/j.compedu.2013.02.019

    Welbers, K., Konijn, E. A., Burgers, C., de Vaate, A. B., Eden, A., & Brugman, B. C. (2019). Gamification as a tool for engaging student learning: A field experiment with a gamified app. E-Learning and Digital Media, 16(2), 92–109. https://doi.org/10.1177/2042753018818342

    Nah F.F., & Zeng, Q., & Telaprolu, V. R., & Ayyappa, A. P., & Eschenbrenner, B., (2014). Gamification of education: A review of literature. HCI in Business, 401-409. https://doi.org/10.1007/978-3-319-07293-7_39

    Azumi, S., Iahad, N., & Ahmad, N. (2015). Gamification in online collaborative learning for programming courses: A literature review. ARPN Journal of Engineering and Applied Sciences, 10(23).

    Krath, J., Schürmann, L., & von Korflesch, H. F. O. (2021). Revealing the theoretical basis of gamification: A systematic review and analysis of theory in research on gamification, serious games and game-based learning. Computers in Human Behavior125, 106963. https://doi.org/10.1016/j.chb.2021.106963

    Bates, A. W. (Tony). (2022). Chapter 8: Pedagogical differences between media. Pressbooks.bccampus.ca. https://pressbooks.bccampus.ca/teachinginadigitalagev3m/part/chapter-8-pedagogical-differences-between-media/

    Brooks-Young, S. (2017). ISTE standards for students: a practical guide for learning with technology. International Society For Technology In Education.