hpr-knowledge-base/hpr_transcripts/hpr4164.txt

Episode: 4164
Title: HPR4164: Postgraduate Computing
Source: https://hub.hackerpublicradio.org/ccdn.php?filename=/eps/hpr4164/hpr4164.mp3
Transcribed: 2025-10-25 20:36:08

---

This is Hacker Public Radio Episode 4164 for Thursday the 18th of July 2024.
Today's show is entitled POSP Graduate Computing.
It is hosted by Lee and is about 11 minutes long.
It carries a clean flag.
The summary is studying for a Master's in Computing with the Open University.
My name is Lee and today I'll talk about a postgraduate Master's in Computing which
I've been studying towards over the last few years.
This qualification could be studied for with quite a few different universities in the
United Kingdom.
I'll be talking about the programme that's offered by the Open University and focusing
on the particular modules that I've taken myself.
While the modules I took did not have specific entry requirements, I noted the recommendation
that students weaver have previously studied the graduate level or have an equivalent
level of industry experience.
I studied one module at a time with each one recommending about 10 hours study per week.
Just a little about the institution itself.
While there is a campus in the city of Milton Keynes in Buckinghamshire, England, unlike
my stuffy universities, this university has always been primarily for distant study
long before the days of the internet, covid and video calls.
Daniel Weinbrunt describes in his book The Open University History how the then-primince
to Harold Wilson in 1963 set out plans for a University of the Air which was eventually
realised and gained a royal charter in 1969.
I remember as a child in the 1980s and 1990s watching the television broadcasts they put
out on the BBC in the early hours of the morning which supplemented the other study material
students were sent in the post.
A decade or so ago my mother, who in her youth after passing the 11-plus selection exam
yet not being able to go to a grammar school and having left school with only a handful
of O level qualifications, studied for and obtained a Bachelor of Arts degree in her retirement
through the Open University.
While studying by correspondence can feel quite solitary on each of the modules there
was a form of students and some of the modules also had collaborative activities.
The first module of the Master's Eye studied was information security.
Studying this it helps if it can be related to an actual organisation the student has
some first-hand knowledge of and that was pretty much a requirement for the assignments
which sent it around developing a hypothetical information security management system that
would suit the organisation in question.
The first lesson was that security is not static but a moving target and for an organisation
to be secure its processes must evolve over time.
The International Standard ISO 27000 outlines the various things that an information security
management system should include.
We were taught how to categorise and prioritise critical information assets to think about
the need to incorporate security within company policies with designated roles and people
with accountability.
Different types and levels of risk need to be treated appropriately, applying whatever
controls are necessary and there should be ways of ensuring compliance.
One way of looking at information risk is to list the asset, the access, the actor, the
motive and the outcome.
So an asset might be identity documents such as a scanned passport, the access might be
physical access to the computer with the files or instead via the network, the actor who
might compromise security could be inside such as an employee or outside such as a hacker.
The motive or circumstance for these files to be accessed could be either deliberate
or accidental and finally the likely outcomes might be disclosure of sensitive information
or loss or destruction of that information.
There are different ways of quantifying risk, but in its most simple form it involves multiplying
the probability of the event happening by some measure of the impact if it did happen
and this might be in monetary or other terms.
As well as the broad concepts mentioned we also looked at some specific information security
tools.
One of these was Nessus available from tenable.com which scans a PC for vulnerabilities
and lists these with a score of critical high medium low or for info only.
Compliance is an area I was already familiar with from having to get a client's web server
to pass quarterly scans because it processes cardholder details.
The module concluded within assignment requiring some independent research into a chosen security
topic.
I chose Halipots which a device is that detect intrusion onto a network by making themselves
deliberately visible and easy to hack and two of the three papers are reviewed for this
assignment were about using Raspberry Pi's as Halipots.
Just one note about this level of study which I discovered to my disadvantage in completing
the assignment is that students are expected to make use of specific academic skills and
present findings in an expected format and if this is not adhered to closely it does
not matter how technically good the work is it won't get high marks.
The next module was system security this one I felt right at home with because it had
a fairly technical bias.
I also enjoyed it because a lot of the activities were collaborative presenting system models
to others and reviewing Ness.
The material studied was quite diverse including different types of cryptography and access controls
using the CVE security vulnerability database hardening a Linux installation modeling systems
with data flow and activity diagrams and the application of ethics with respect to governments
weaponizing security exploits.
The key learning of the module is that any security threat relates to one or more of the
following first spoofing that is pretending to be not who or what someone seems second
tampering that is changing data thirdly repudiation that is doing something then saying that
it didn't happen.
For free information disclosure are leaking some data then fifth denial of service so stopping
system from working and finally sixth elevation of privilege that is using some limited access
to wrongfully gain more access.
These form the acronym STRIGHT which is attributed to confelda and garg in 1999.
System security was my favourite module and I scored a distinction for it and while I did
subsequently fail miserably to describe how to secure a modern web based system we're
asked as part of an interview for a job working for the bridge government answering a similar
question on reddit we're not under interview pressure attracted well over 100 upvotes.
The third module was network security and this was heavily biased towards Cisco with capital
C and there was a lot of work typing commands into virtual iOS devices that is iOS in all
capitals as in internet work operating system are not the little wide bigger OS made by Apple.
Apart from mundane stuff like doing networking things at different layers of the OSI model
implementing access controls and Cisco devices network routing and the somewhat complicated
task of setting up a VPN.
The module also covered how companies secure devices like mobile phones and laptops when
employees bring their own stuff into a company network.
The final assignment included a neat task in Carly Linux forensically examining the results
of a pretend exploit using tools like Wyshark to make sense of the logs and then document
what had happened and how.
The next module was software development here I got my hands dirty with the monstrosity
that is an enterprise Java database application with a web based interface at an API endpoint
and they still have scars from dependency resolution and configuration of database drivers.
The module mainly covered object or programming and especially the drawing of class diagrams
the concept of design patterns and using a test framework.
Out of some sense of rebelliousness that the aforementioned are front to my sanity I
blatantly used one of the assignments as an excuse to learn both Spring Boot and Angular
even though neither of those was mandated in the assignment brief.
The module ended with a research and review assignment of papers on a chosen topic and
I chose a topic of security and open source software.
In the context of using automated tools rather than code review to detect security issues
in code I even managed to sneak in a reference to chest legend Gary Casper of famously beaten
by Deep Blue about what computers are good at and what they are not.
Although had it been a year later advances in large language models might have nullified
this point.
The most recent module I studied was software engineering.
While covering several topics such as software quality, productivity, the place of open source,
the agile methodology and again ethics, the primary topic was requirements engineering.
The main message is you can't make a sandwich until you know the preferences and dietary
requirements of your client.
The likely costs of tools and materials such as a knife, cheese and butter, the likely
time it will take, the consequences if you could only get as far as buttering the bread
and needed to call in a cheese specialist to complete the job and the need for these requirements
to be signed off with all stakeholders involved, especially the client's mum.
For anyone facing such dilemmas the set text was mastering the requirements process by
Robertson and Robertson.
The main case study on this module centered around a fictional ticketing system for the
Olympics this year.
The collaborative activity involved collaborating with dozen or so other students on a GitHub
repository hosting requirements documents for this system.
With every single person having full read and write access this did get a bit chaotic
and some of the blame for that rest of my shoulders, as are more than once used features of
Git that weren't taught in the module and aren't generally sanctioned such as rebasing
then force pushing to a shared repo.
Unlike the other modules this one ended with an exam, this was open book but required
application of principles taught in the course to a newly presented case study.
The final module not yet taken is called Research and Context.
I plan to study this later this year.
It will be about the process of academic research and primarily involves conducting some
research on a chosen topic.
I have that to look forward to.
So today I've talked about several postgraduate modules offered by the Open University that
can be combined into a master's qualification.
Other universities were other modules and there were some I could have taken but opted
not to such as data management and digital forensics.
This route of study is not for everyone, they're financial and time pressures.
Some of what is learned may be abstract or literally only of academic use rather than
of direct vocational relevance.
Maybe qualification is not important to everyone and there are arguably now more varied
avenues for carrying out substantial learning than they were in the past that do not include
the university.
However, there are good reasons why some people do benefit from studying in this way.
Many have and perhaps more would give the opportunity.
In any case I hope this has been of interest and thanks for listening.
You have been listening to Hacker Public Radio at Hacker Public Radio does work.
Today's show was contributed by a HBR listener like yourself.
If you ever thought of recording podcast, click on our contribute link to find out how
easy it really is.
Hosting for HBR has been kindly provided by an honesthost.com, the internet archive and
our syncs.net.
On the Sadois status, today's show is released under Creative Commons, Attribution 4.0 International
License.