make this workshop more interactive #7
Comments
|
@ronanyeah I really believe that making the workshop more interactive would help the concepts sink in. Right now, I imagine that the students might use the But I haven't submitted a PR because this suggestion is heavily reliant on having a pre-existing database #6. Considering the fact that we're not in agreement over that being a good idea, I thought I would explain exactly what my suggestion is, before actually working on making the changes. For this to work, we would need to add a database with a Here is an outline for a more practical, hands-on version: Set the scene
Hashing and salting before storage
Using a password hashing algorithm
Password hashing functions
What do you think @ronanyeah @des-des @eliasCodes @sohilpandya @bo-bok @alexis-l8 ? |
|
+1 to more excercises, still definitely against a database |
|
-1 to 'setting scenes' |
That's exactly what I wanted. If there is confusion, then the readme can be read again. |
Reading about cryptography isn't nearly as engaging as it would be to interact with actual data. Surely the whole point of FAC vs regular education is that being told something isn't half as memorable as discovering something by doing it yourself. So why not make it more practical and less reading-heavy?
How come? They've just finished database week. Why would we not want to use the context they've just been given? Why would we not help that to solidify in their minds by making it assumed knowledge within future workshops? |
Sure, we could add more (2 max, and small) hashing exercises.
Yeah and they will have a project at the end of the week putting all of these new skills to work with a database. If they have these skills. So lets focus on putting those skills in their hands. This is not a database usage workshop. So a database is a distraction and unnecessary intellectual overhead. |
They also know how to use github pages, should we slot that in here somewhere? |
|
Hahahaha. It's not about using things they know for the hell of it 🙃 New information is easier to absorb when it is contextualised. The entire reason you want to hash a password is so that it is more secure when you then store it. Using a database for a password security workshop isn't purely about applying prior knowledge. It is directly relevant to whole purpose of learning to hash & salt passwords. If you introduce concepts without providing the context in which they are used, even if the concept is understood, it is more of an intellectual overhead for someone to then provide the context for themselves. |
Nope, you could be running a microservice that sends the hashed password off to another microservice that handles your users. So thats an AJAX request, and there are no databases to be seen. Or you could be writing a hashing utils module for yourself which will quite rightly have no idea where it is being called from, or that it's results are going into a database at some point. And by the way, if they are writing their handlers properly, there shouldn't be ANY files that share database and bcrypt code, but now they are writing an unnecessary module which has the cost of totally obfuscating the FOCUS of the workshop, and the skills required for it to be completed. What I mean is, this workshop automatically becomes less reusable and inclusive to outsiders hopping in and giving it a go if it requires the 'external state' of having completed previous 'weeks' and having certain totally arbitrary programs installed on their computers. (people who have an interest in security perhaps, but hate databases) Not to mention how less bothered people will be to repeat it! @saralk spoke to me in Gaza about the possibility of the FAC workshops, and even weeks being self-contained, and more module-like. It's something I think about a lot. The curriculum should be like Lego. The PROJECTS are where it comes together. |
|
2019 Curriculum Meeting: 'OK that's it settled, FAC is now adopting DonkeyDB.' 'Aw that's annoying we've hardcoded Postgres all over the curriculum.' |
|
Sorry I haven’t read all of this. Lots of back and forth but I have read your top comment and suggestion. I am with @ronanyeah on this one. We should not have databases as part of this. It should just be about hashing and crypto. IMO you can’t make everything interactive and a deep dive. Hashing is just necessary there isn’t anything pretty about it but it’s necessary. We need them to think for themselves and the database part can be left to the side as it is not the focus. Also setting a scene can lead to the thinking that this is the only way it is done and so if they come across a different implementation they may be confused too. |
|
In order to complete the exercises, all they need to do is go directly to this part of the docs, copy the lines there & wrap those few lines in a function which takes a callback. The only thing that might make this exercise take longer than 15 mins is if they:
They can just copy the lines and then implement it in their projects without understanding or remembering the conceptual information in the readme above. If we make each of the sections above more interactive, they're more likely to retain the information long-term. |
|
@ronanyeah This is a good point though:
If you don't want any of the weeks to rely on each other (in this case to rely on students knowing postgres) then @des-des' PR to insert a mock database #10 is a way to solve that. But even if you don't put this into context with a database at all, you can make the workshop more interactive just by typing the This could actually work really well. But I think the minute you make it more mentor-led (e.g. code alongs / readme Q&As), you put the mentor in the position where students are going to ask them lots of conceptual questions. It puts pressure on the mentor to know this topic inside out, in order to deliver it well. I'm not convinced that that is the best move here, considering the fact that none of the mentors in any of our 3 campuses had this week delivered to them. They have to spend even more time than usual trying to get their head around the material. |
Good suggestion. Right so we can do with more interactivity. If there's time some can be added, but like Sohil said:
Sometimes you just have to read a paragraph to learn what a rainbow table is. |
|
@alexis-l8 is delivering the portion before the exercise as a presentation (talking through the concepts in the readme) / "code-along" (demo-ing the We should probably record this, to help Nazareth & Gaza. @sohilpandya can we count on your camera again please? 🙏 |
|
@des-des were you making a PR for this? |
|
hey so I added a workshop to follow this and put stuff in context, if any of you still care a year later, cos I think @jsms90 was right: |
|
actually tbf I think both of you were kind of right, hence why I think when we do this in Khalil (we have a campus in the west bank now btw) we will do this workshop first and then go on to my one (which is implementing the stuff here) |
|
Update after delivery:
|
Since you can complete the exercises without understanding the information above, for me at least, I don't know how much of the reading I would remember. Especially if I struggled with the exercise itself at all.
The reading that students have to do before the exercises is really really clear 👍 It's a really nice introduction to some potentially confusing concepts, and I don't think it will take students long to read through it before they get to the exercises. So maybe it just depends what kind of learner you are as to whether you take information in this way.
But we have seen this pattern before, where students have a Q&A with mentors after going through some reading material (the intro to HTTP requests & APIs from week 3) or a lot of reading and then a couple of exercises at the bottom (the error handling workshop from week 5).
The progress that students make and the feedback on how these went seem to suggest that something more practical is preferable. See the issue raised about the error handling workshop and FAC11's stop go continue from week 5. (FAC11's stop go continue from week 3 still to be uploaded).
The text was updated successfully, but these errors were encountered: