Initial commit: HPR Knowledge Base MCP Server
- MCP server with stdio transport for local use - Search episodes, transcripts, hosts, and series - 4,511 episodes with metadata and transcripts - Data loader with in-memory JSON storage 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
Lee Hanken
171
hpr_transcripts/hpr4164.txt
Normal file
171
hpr_transcripts/hpr4164.txt
Normal file
@@ -0,0 +1,171 @@
|
||||
Episode: 4164
|
||||
Title: HPR4164: Postgraduate Computing
|
||||
Source: https://hub.hackerpublicradio.org/ccdn.php?filename=/eps/hpr4164/hpr4164.mp3
|
||||
Transcribed: 2025-10-25 20:36:08
|
||||
|
||||
---
|
||||
|
||||
This is Hacker Public Radio Episode 4164 for Thursday the 18th of July 2024.
|
||||
Today's show is entitled POSP Graduate Computing.
|
||||
It is hosted by Lee and is about 11 minutes long.
|
||||
It carries a clean flag.
|
||||
The summary is studying for a Master's in Computing with the Open University.
|
||||
My name is Lee and today I'll talk about a postgraduate Master's in Computing which
|
||||
I've been studying towards over the last few years.
|
||||
This qualification could be studied for with quite a few different universities in the
|
||||
United Kingdom.
|
||||
I'll be talking about the programme that's offered by the Open University and focusing
|
||||
on the particular modules that I've taken myself.
|
||||
While the modules I took did not have specific entry requirements, I noted the recommendation
|
||||
that students weaver have previously studied the graduate level or have an equivalent
|
||||
level of industry experience.
|
||||
I studied one module at a time with each one recommending about 10 hours study per week.
|
||||
Just a little about the institution itself.
|
||||
While there is a campus in the city of Milton Keynes in Buckinghamshire, England, unlike
|
||||
my stuffy universities, this university has always been primarily for distant study
|
||||
long before the days of the internet, covid and video calls.
|
||||
Daniel Weinbrunt describes in his book The Open University History how the then-primince
|
||||
to Harold Wilson in 1963 set out plans for a University of the Air which was eventually
|
||||
realised and gained a royal charter in 1969.
|
||||
I remember as a child in the 1980s and 1990s watching the television broadcasts they put
|
||||
out on the BBC in the early hours of the morning which supplemented the other study material
|
||||
students were sent in the post.
|
||||
A decade or so ago my mother, who in her youth after passing the 11-plus selection exam
|
||||
yet not being able to go to a grammar school and having left school with only a handful
|
||||
of O level qualifications, studied for and obtained a Bachelor of Arts degree in her retirement
|
||||
through the Open University.
|
||||
While studying by correspondence can feel quite solitary on each of the modules there
|
||||
was a form of students and some of the modules also had collaborative activities.
|
||||
The first module of the Master's Eye studied was information security.
|
||||
Studying this it helps if it can be related to an actual organisation the student has
|
||||
some first-hand knowledge of and that was pretty much a requirement for the assignments
|
||||
which sent it around developing a hypothetical information security management system that
|
||||
would suit the organisation in question.
|
||||
The first lesson was that security is not static but a moving target and for an organisation
|
||||
to be secure its processes must evolve over time.
|
||||
The International Standard ISO 27000 outlines the various things that an information security
|
||||
management system should include.
|
||||
We were taught how to categorise and prioritise critical information assets to think about
|
||||
the need to incorporate security within company policies with designated roles and people
|
||||
with accountability.
|
||||
Different types and levels of risk need to be treated appropriately, applying whatever
|
||||
controls are necessary and there should be ways of ensuring compliance.
|
||||
One way of looking at information risk is to list the asset, the access, the actor, the
|
||||
motive and the outcome.
|
||||
So an asset might be identity documents such as a scanned passport, the access might be
|
||||
physical access to the computer with the files or instead via the network, the actor who
|
||||
might compromise security could be inside such as an employee or outside such as a hacker.
|
||||
The motive or circumstance for these files to be accessed could be either deliberate
|
||||
or accidental and finally the likely outcomes might be disclosure of sensitive information
|
||||
or loss or destruction of that information.
|
||||
There are different ways of quantifying risk, but in its most simple form it involves multiplying
|
||||
the probability of the event happening by some measure of the impact if it did happen
|
||||
and this might be in monetary or other terms.
|
||||
As well as the broad concepts mentioned we also looked at some specific information security
|
||||
tools.
|
||||
One of these was Nessus available from tenable.com which scans a PC for vulnerabilities
|
||||
and lists these with a score of critical high medium low or for info only.
|
||||
Compliance is an area I was already familiar with from having to get a client's web server
|
||||
to pass quarterly scans because it processes cardholder details.
|
||||
The module concluded within assignment requiring some independent research into a chosen security
|
||||
topic.
|
||||
I chose Halipots which a device is that detect intrusion onto a network by making themselves
|
||||
deliberately visible and easy to hack and two of the three papers are reviewed for this
|
||||
assignment were about using Raspberry Pi's as Halipots.
|
||||
Just one note about this level of study which I discovered to my disadvantage in completing
|
||||
the assignment is that students are expected to make use of specific academic skills and
|
||||
present findings in an expected format and if this is not adhered to closely it does
|
||||
not matter how technically good the work is it won't get high marks.
|
||||
The next module was system security this one I felt right at home with because it had
|
||||
a fairly technical bias.
|
||||
I also enjoyed it because a lot of the activities were collaborative presenting system models
|
||||
to others and reviewing Ness.
|
||||
The material studied was quite diverse including different types of cryptography and access controls
|
||||
using the CVE security vulnerability database hardening a Linux installation modeling systems
|
||||
with data flow and activity diagrams and the application of ethics with respect to governments
|
||||
weaponizing security exploits.
|
||||
The key learning of the module is that any security threat relates to one or more of the
|
||||
following first spoofing that is pretending to be not who or what someone seems second
|
||||
tampering that is changing data thirdly repudiation that is doing something then saying that
|
||||
it didn't happen.
|
||||
For free information disclosure are leaking some data then fifth denial of service so stopping
|
||||
system from working and finally sixth elevation of privilege that is using some limited access
|
||||
to wrongfully gain more access.
|
||||
These form the acronym STRIGHT which is attributed to confelda and garg in 1999.
|
||||
System security was my favourite module and I scored a distinction for it and while I did
|
||||
subsequently fail miserably to describe how to secure a modern web based system we're
|
||||
asked as part of an interview for a job working for the bridge government answering a similar
|
||||
question on reddit we're not under interview pressure attracted well over 100 upvotes.
|
||||
The third module was network security and this was heavily biased towards Cisco with capital
|
||||
C and there was a lot of work typing commands into virtual iOS devices that is iOS in all
|
||||
capitals as in internet work operating system are not the little wide bigger OS made by Apple.
|
||||
Apart from mundane stuff like doing networking things at different layers of the OSI model
|
||||
implementing access controls and Cisco devices network routing and the somewhat complicated
|
||||
task of setting up a VPN.
|
||||
The module also covered how companies secure devices like mobile phones and laptops when
|
||||
employees bring their own stuff into a company network.
|
||||
The final assignment included a neat task in Carly Linux forensically examining the results
|
||||
of a pretend exploit using tools like Wyshark to make sense of the logs and then document
|
||||
what had happened and how.
|
||||
The next module was software development here I got my hands dirty with the monstrosity
|
||||
that is an enterprise Java database application with a web based interface at an API endpoint
|
||||
and they still have scars from dependency resolution and configuration of database drivers.
|
||||
The module mainly covered object or programming and especially the drawing of class diagrams
|
||||
the concept of design patterns and using a test framework.
|
||||
Out of some sense of rebelliousness that the aforementioned are front to my sanity I
|
||||
blatantly used one of the assignments as an excuse to learn both Spring Boot and Angular
|
||||
even though neither of those was mandated in the assignment brief.
|
||||
The module ended with a research and review assignment of papers on a chosen topic and
|
||||
I chose a topic of security and open source software.
|
||||
In the context of using automated tools rather than code review to detect security issues
|
||||
in code I even managed to sneak in a reference to chest legend Gary Casper of famously beaten
|
||||
by Deep Blue about what computers are good at and what they are not.
|
||||
Although had it been a year later advances in large language models might have nullified
|
||||
this point.
|
||||
The most recent module I studied was software engineering.
|
||||
While covering several topics such as software quality, productivity, the place of open source,
|
||||
the agile methodology and again ethics, the primary topic was requirements engineering.
|
||||
The main message is you can't make a sandwich until you know the preferences and dietary
|
||||
requirements of your client.
|
||||
The likely costs of tools and materials such as a knife, cheese and butter, the likely
|
||||
time it will take, the consequences if you could only get as far as buttering the bread
|
||||
and needed to call in a cheese specialist to complete the job and the need for these requirements
|
||||
to be signed off with all stakeholders involved, especially the client's mum.
|
||||
For anyone facing such dilemmas the set text was mastering the requirements process by
|
||||
Robertson and Robertson.
|
||||
The main case study on this module centered around a fictional ticketing system for the
|
||||
Olympics this year.
|
||||
The collaborative activity involved collaborating with dozen or so other students on a GitHub
|
||||
repository hosting requirements documents for this system.
|
||||
With every single person having full read and write access this did get a bit chaotic
|
||||
and some of the blame for that rest of my shoulders, as are more than once used features of
|
||||
Git that weren't taught in the module and aren't generally sanctioned such as rebasing
|
||||
then force pushing to a shared repo.
|
||||
Unlike the other modules this one ended with an exam, this was open book but required
|
||||
application of principles taught in the course to a newly presented case study.
|
||||
The final module not yet taken is called Research and Context.
|
||||
I plan to study this later this year.
|
||||
It will be about the process of academic research and primarily involves conducting some
|
||||
research on a chosen topic.
|
||||
I have that to look forward to.
|
||||
So today I've talked about several postgraduate modules offered by the Open University that
|
||||
can be combined into a master's qualification.
|
||||
Other universities were other modules and there were some I could have taken but opted
|
||||
not to such as data management and digital forensics.
|
||||
This route of study is not for everyone, they're financial and time pressures.
|
||||
Some of what is learned may be abstract or literally only of academic use rather than
|
||||
of direct vocational relevance.
|
||||
Maybe qualification is not important to everyone and there are arguably now more varied
|
||||
avenues for carrying out substantial learning than they were in the past that do not include
|
||||
the university.
|
||||
However, there are good reasons why some people do benefit from studying in this way.
|
||||
Many have and perhaps more would give the opportunity.
|
||||
In any case I hope this has been of interest and thanks for listening.
|
||||
You have been listening to Hacker Public Radio at Hacker Public Radio does work.
|
||||
Today's show was contributed by a HBR listener like yourself.
|
||||
If you ever thought of recording podcast, click on our contribute link to find out how
|
||||
easy it really is.
|
||||
Hosting for HBR has been kindly provided by an honesthost.com, the internet archive and
|
||||
our syncs.net.
|
||||
On the Sadois status, today's show is released under Creative Commons, Attribution 4.0 International
|
||||
License.
|
||||
Reference in New Issue
Block a user