[THEME MUSIC] DAVID J. MALAN: Can you hear me, world? So in next week's episode we'll talk about microphone technology. But for now, let's begin. Hello, world, we are back, as is my voice. And this is CS50 Live. And boy, do we have a good show for you this week. In particular, we've got the Heartbleed bug that's been all over the news of late, some stories from students, a trip to Vegas, a behind the scenes tour of Dropbox. And I'm hearing, yes, CS50's own Ramon Galvin is back. CS50's Ramon Galvin is in the studio again today. But first, some desk lamps. Of course desk lamps have been a bit of a thing this semester in CS50. And you may recall Ahmad, from a previous episode, who submitted a video making his case for why he'd like to receive his own CS50 desk lamp. Well, we sent a desk lamp ultimately to Ahmad. And he kindly sent us this photo of himself in Pakistan with a CS50 desk lamp. Meanwhile, you may recall Lamp Story, submitted by Eggers in Latvia. We sent over a desk lamp to Latvia as well. And pictured here is that desk lamp. Finally, you may recall Philip who didn't just submit a photo, but also submitted a video via which to thank us for his desk lamp, which we sent all the way to Germany. Let's take a look. PHILLIP: Hi. Dear David, and dear all of you amazing people at CS50. I'm Phil and I want to thank you so much for this incredible gift. It is unbelievable to me that you actually sent this all the way over here to Germany. But you know what? Why don't I thank you personally? Hey, David, I want to thank you so much for this CS50 desk lamp. You can not imagine what this means to me. DAVID J. MALAN: Desk lamp? PHILLIP: Right. OK, I'm going to leave, but, yeah, thanks. DAVID J. MALAN: Now, two of your classmates actually traveled to us to have a chat of late. In particular, Amy from Massachusetts and Jack from Dublin, Ireland, came all the way to Sanders Theater to sit down and talk about CS50 past and present. This is Sanders Theater. 
So this is where CS50's lectures are held. Thanks so much for coming to campus. Shall we start with the introductions? I'm David. AMY: I'm Amy. I work on the web and I live here in Cambridge. JACK: I'm Jack and I'm from Dublin, Ireland. I'm a junior in high school. DAVID J. MALAN: And what brings you here today in particular from so far away? JACK: For a visit to Boston. AMY: How has CS50 evolved as you've been teaching it? DAVID J. MALAN: It's definitely gotten more dramatic over the years. We've been filming since 2007, so we can literally go back in time and watch past years, first lectures in particular. And I think the first lecture in 2007 was pretty much me, coming out in front of the class. Saying, hello, this is CS50. And we dove into the day's material. All right, so welcome to Computer Science 50, Introduction to Computer Science 1. My name is David Malan and I will be your instructor this-- Now there's music. The lights go down. We drop down a huge screen. There may or may not be Muppets in a given year. And it's funny, because this has all happened very gradually over the years, just a little bit more each year. But the delta, now, between the first year and the last year is actually rather atrocious, just how different the first five minutes are. AMY: I'm curious, what do you see as the differences between the edX version and the live course? DAVID J. MALAN: So curricularly and technologically CS50 on campus and CS50x off campus are fundamentally the same. What does differ between the two is the level of support that we're able to provide. Even though CS50 has a huge team of some 100 teaching fellows, course assistants, myself, and our production team-- we can just barely keep up with the 700 students on campus and the 150 Extension School students who are local or online themselves. So for CS50x, we simply don't have the support structure of office hours, for instance, four nights a week for several hours. 
JACK: And what do you guys talk about in office hours that will be different to, say, what you have on lectures, or on sections, or shorts? DAVID J. MALAN: On campus office hours are really opportunities for students to pose questions, one on one, with a member of the teaching staff or even a classmate of theirs nearby. And generally wrestle with bugs that they're having in their codes. AMY: I think Reddit kind of gives a reasonable facsimile of an office hours. DAVID J. MALAN: Agreed, agreed. I've been really impressed, though, with the Reddit community and the newcomers to the group, too-- just how eager and hopeful people have been. And Reddit definitely lends itself better, I think, to posting of code and having threaded discussions. JACK: And do you think people should try, if they know they're doing something wrong or it's like, they've implemented-- spent too much time on it, think they should stop and start again? Or look for help? Or how should they-- DAVID J. MALAN: Take a break, minimally. Sometimes, especially for me at least, as your stress level starts to rise you start hacking away and copying and pasting, forgetting what you've already tried. It's just time to go to sleep, or go take a jog, or go shower, and just kind of get some distance. And this has happened many, many times to me where I'll be lying there in bed even, or even driving to work, or walking somewhere, kind of debugging in my head. And only once you have that distance and a lot less stress on your shoulders, I think, can you realize, like, oh, I'm an idiot. I forgot to call this function, or initialize some variable. So as a little surprise if you'd like to take a look under your CS50 seat cushion, a little something awaits you. Those were good looks. Did we get those looks? Under their seat cushions, of course, was a bit more Dropbox space. 
Now you may recall we recently traveled to Saint Louis, Missouri, where we had a unique opportunity to actually blow glass at the Third Degree Glass factory. Our host for the day made this beautiful bowl of glass by spinning and spinning it until you got this beautiful wavy effect. And this now lives in our offices here in Cambridge. I, on the other hand, made this big ball of orange glass that now sits on my desk. But we were in Saint Louis, of course, for the CS50 hackathon in Saint Louis with Launchcode, where we had an opportunity to sit down with a number of your classmates and hear their CS50 stories. EZRA: Once I saw computer coding and the kind of-- that's the career that I want to be in. And I think that I would be very good at it. CHARLES: Well, I've been job hunting for a while. Bachelor of Science, biomedical engineering. It hasn't been going too well. So I thought maybe I'd look into a different field. KIMBERLY: In Green Bay, Wisconsin I was a school counselor. And I really knew I wanted to change careers. SAM: I've heard a lot of people saying, like, everyone should learn how to code. Everyone should be exposed to it. And before I was just kind of like, eh, whatever. AUSTIN: I had taken a semester off. And I'm now doing the CS50x program. KELLI: It's very accessible to anyone at all. LEANNE: I've been a developer in the past. But I had a situation and I wanted to kind of increase my confidence, and I wanted to learn C, and I wanted to learn PHP, which I saw that CS50 was teaching. AUSTIN: People are really helpful. There's definitely more of a community than you would think from an online course. KELLI: I'm working on my problem set five, that I just started. So I get to do a little forensics. CHARLES: It has been challenging. It's definitely meant to stretch your limits. I'm working on problem set five. KIMBERLY: My classmate and I are working on our final project. SAM: I'm working on my final project. 
I've got two other people working with me, we're the tri-force of power. LEANNE: I'm attempting to work on an iOS app that is a calendar agenda application that I wanted to create, just for my own use, to start out with. AUSTIN: My final project is going to be a website that is an image and visual repository. Basically it's going to have a listing of helpful phrases and sign language for medical personnel. EZRA: Let's say my final project was a puppet doing a dance, and they asked me, can you make this puppet to do this dance twice as fast? I would be able to go to my code, change it, save it, compile it, upload it, and show them right away that I can-- that not only did I make this final project, I understand. I can tweak it however they want me to tweak it. CHARLES: I figure once I get my final project completed and some potential employers have a chance to look at that they'll have a better assessment of whether they think I'll be a good fit for them. SAM: Now I'm very confident and I'm learning new stuff all the time. And it's great. It's changed my life. EZRA: This is really hard material, especially if you're doing this and also working, and maybe also have a family, and maybe also have children, and maybe also have a mortgage. But it's so worth it if you just put the effort in. What you get out is so much more valuable than the time that you put in. DAVID J. MALAN: And now, this week in tech. Odds are you've heard of the so-called Heartbleed bug, which has affected web servers throughout the world. But what is this bug, exactly? Well, turns out that many web servers run software called OpenSSL, where SSL of course is Secure Sockets Layer. And this is the technology that encrypts traffic between a web browser, or client, and a web server. Now unfortunately, in December of 2011, a programmer introduced an accidental bug into the source code for OpenSSL. 
And OpenSSL unfortunately is used in so many other products, among them the Apache web server, and others, that are hugely popular on the internet for hosting websites. The result of this was that the following attack is possible. As part of OpenSSL there's a so-called heartbeat feature, whereby a client like a browser can send a message or a payload, which is really just a string, like hello, to a server. And in addition to that payload it sends a number which should be the length of that payload. In the case of hello, it should be five. Unfortunately, the bug in OpenSSL operated as follows. It ignored that number. And so if you-- rather, it trusted that number. So if you, the client, sent a message like hello, and not the number 5 but the number 100, what would happen is that the server would blindly respond to that payload by echoing back not only hello, those 5 bytes, but 95 additional bytes thereby trusting that you were telling the truth when you said that the payload was in fact 100 bytes. Now why is that problematic? Well, you may recall from CS50, of course, from memory management that on the stack and the heap are remnants of data paths, when you've called a function, used a variable, those values stay in memory even if you're no longer actively using those chunks of memory. So when the server responds not with 5 bytes but with 100 bytes, 95 of which are not technically supposed to go back to the client, those 95 bytes could contain passwords, or the server's security certificates, or the server's secret keys, so to speak, all of which are used for encryption. And so ultimately your information could be handed back to some random adversary on the internet simply because your password, or credit card information, or something else that's sensitive happened to be in the web server's memory at that particular location. Now this was a big deal, because this bug affected web servers throughout the world. 
Among them Amazon Web Services, Box, Dropbox, Etsy, Flickr, GitHub, Gmail, Go Daddy, Google, Instagram, Minecraft, Netflix, OKCupid, Pinterest, SoundCloud, Tumblr, Twitter, Venmo, Wikipedia, WordPress, Yahoo, YouTube-- and those are just the companies, just some of the companies that actually disclosed that their servers had been running the afflicted software and had only recently, as this past week, been updated. Now it turns out the fix, in source code, for this Heartbleed bug is actually remarkably simple. It pretty much boils down to these two lines of code. If payload is greater than the actual length, return 0. Do not return some potentially disclosing bits. Now in reality the lines of code were a little more complex. It looked a bit more like this. But this is just some additional arithmetic and there were a few other lines of code, but the fix really was that simple. And so if you've never believed in lectures when we say that you should always check the boundaries of your array and make sure to check the lengths of any chunk of memory before blindly traversing through your computer's memory, this is what can happen. And truly it's been a globally impactful bug. Now what can you yourself do to learn more and protect yourself? Well, head to heartbleed.com, which is a terrific website that explains in a bit more detail exactly what the threat is, how folks have responded, what software's been affected, and how you can defend yourself. But it pretty much boils down to this-- change your passwords, arguably on most any website you know if unsure whether that particular website was affected. Because one of the scariest things about this bug is that it's not so much auditable. It's not clear if, even over the past two years, a server was vulnerable, if your information was indeed compromised. So as is the case generally with security, the best approach is paranoia and change any passwords on websites that are particularly sensitive to you. 
But head to that URL there for even more detail. Now in other news, Mark Zuckerberg recently posted this. I'm excited to announce that we've agreed to acquire Oculus VR, the leader in virtual reality technology. Now virtual reality is an interesting thing that's beginning to gain a bit more traction. It generally involves putting on a pair of goggles that might look like these inside of which are a pair of lenses that allow you to see a computer screen right up close to your face. And on that computer screen could be anything, the inside of a house, the outside of the house, a virtual world inside of a game. And the result is an incredibly immersive opportunity to feel as though you're actually someplace that you're actually not. I, for instance, might be in a conference room when really I think I'm in a Tron-like virtual world. And indeed, I had an opportunity. I haven't personally played with Oculus, but I did visit our friends in Seattle, Washington, recently at Valve software, who were working on a very similar VR technology. And I was very fortunate to have the opportunity to put on their pair of goggles for 60 seconds of this. [MUSIC PLAYING] Now, CS50's own Dan Coffey also had an opportunity to take a trip recently to Mountain View, California, where he sat down with our friends at Dropbox, among them CS50's own former head teaching fellow Thomas Carriero, who's been responsible for all of that Dropbox space underneath your seat cushions. Thomas very kindly opened the doors of Dropbox and gave us an exclusive behind the scenes of what it's like to work at Dropbox and daresay live at Dropbox. THOMAS CARRIERO: Hi, I'm Thomas Carriero, former CS50 head TF. We're here at the Dropbox headquarters in San Francisco, California. Welcome. I'm going to show you on a tour. Come with me. Cool. So this balloon right here, this green check mark, is the balloon that we put on your desk when you first join the company. 
And the idea is that the balloon will stay kind of up there as long as you're a new hire. So the balloon of course loses helium over time and by the time the balloon is dead you're no longer a noob. This takes a couple of months to happen because these are really, really expensive balloons. We think we might keep the green check mark balloon business in business. Cool, so this right here is AT&T Park. This is where the San Francisco Giants play. We actually have a Dropbox box suite, one of our other awesome amenities, just across the way. So I'm standing by this really cool light display. So what's going on here is we're getting real time data about what's happening in our Mailbox app. Each of the colors corresponds to a different action. And so as users are doing these actions, these lights are lighting up with those colors to kind of let us know what's going on. Sometimes if stuff is going wrong, the colors will all start to be one color and we know that something bad is happening. So this is kind of one of the ways that we keep track of what's going on in Mailbox. Cool, so let's see what's for dinner tonight. Looks like we have eight hour smoked beef brisket right here. And right here is my favorite station, the Indian station. It's an open face samosa chop today. Well, I guess that was my favorite station but this is my other favorite station. This is the pizza station. So they always make different kinds of pizza with our pizza oven right there. Looks like they're making a Sicilian pizza, which is one of my favorites. All right, so the chef told me that they are freshly made Ho Hos. I told him I was going to wait until after I'd eaten my dinner but I'm definitely going to have one of those tonight. OK, I'm going to have mine now. Real good. So this is kind of the bonus station that's outside of the tech shop. For lunch we have Mexican food here and sushi here. And for dinner we have some kind meat delicious. Looks like roasted pork loin tonight. 
Get a close up on that. Cool, so this is our design area. This is where we design a bunch of the products. We have lots of fun poster boards and stuff, with kind of all the mocks that we're working on. We also have along the ground a bunch of the mocks that we've been working on over the years. So you can get a close up of that in a second. But this sign is one of my favorite things about Dropbox. So this sign actually came from the old office. And our slogan is, it just works. But if you look closely, there's a subliminal message in the sign. So one of my favorite parts about Dropbox are these vending machines. Instead of having chips or soda or anything like that, we actually have electronics. So if you need a new trackpad, or a new keyboard, or some headphones, all you need to do is swipe your badge right here. Type in the number and then the out comes your electronics. Pretty awesome. Thanks so much for joining me on this tour of Dropbox. It's been really fun showing you around. I'm going to close this out with the way we close out all of our all hands meetings. This is a special chant we do. Can I get some help here? One, two, three-- Dropbox! It's usually much cooler than that. DAVID J. MALAN: Now if you'd like to visit Dropbox, head to Mountain View, California, hop on Route 101 north to San Francisco, where they actually are. Now we've also had an opportunity recently to travel to Las Vegas, Nevada for the NAB show, the National Association for Broadcasters show, which brings together some 100,000 people interested in audio and video and technology more generally to talk about the very latest and greatest. CS50's own Ramon Galvin took this trip and brought with him a camera crew in order to this footage from the show's floor. RAMON GALVIN: Hello, world. OK, I got it. Hello, world. Do I have to say my name? CAMERAMAN: Correspondent in the field. RAMON GALVIN: Can I get a lower third of that? Correspondent in field. CAMERAMAN: Senior. 
RAMON GALVIN: There you go. I know, but I have to do it. [INAUDIBLE]. I'm clueless. Now's my prima donna pose. DAVID J. MALAN: And they keep mentioning 4K. What is 4K exactly? RAMON GALVIN: That's a really good question. Very basically-- DAVID J. MALAN: Cut to a clip explaining 4K. Hello, world. My name is David Malan. RAMON GALVIN: I'm Ramon Galvin. DAVID J. MALAN: And we're here at NAB, the National Association of Broadcasters conference in Las Vegas, Nevada. But why are we here? RAMON GALVIN: I don't know. I don't know, David. DAVID J. MALAN: That was pretty good. Is this usable? RAMON GALVIN: Probably not. DAVID J. MALAN: We're back, as is CS50's own Ramon Galvin, who you may recall from last week's episode. Ramon, so glad you are indeed back. RAMON GALVIN: I'm glad I still have a job, David. DAVID J. MALAN: So let's address the elephant that was in the room in Las Vegas, namely 4K. I've heard about this in the context of TVs and computer monitors, but what is 4K? RAMON GALVIN: So it's a resolution. Whenever you're watching a walk through video or a lecture you get what we call 1080p video. What that means that the video is 1,000 pixels tall. DAVID J. MALAN: Or 1080. RAMON GALVIN: Or 1080. Or roughly 2,000 pixels wide. Now 4K is 4,000 pixels wide, roughly, and roughly 2,000 pixels tall. DAVID J. MALAN: OK. So that's kind of like having a grid of four 1080p monitors right in front of you. RAMON GALVIN: Exactly. DAVID J. MALAN: OK, so that's all fine and good but why is this useful? RAMON GALVIN: I'm glad I asked you to ask me that question, David. DAVID J. MALAN: It's on the teleprompter. RAMON GALVIN: So there's a documentarian named Errol Morris that actually makes use of 4K technology. Ordinarily to shoot an interview, which he usually does, he would have to either use multiple cameras to get a zoomed in shot or a zoomed out shot, or shoot the interview twice to get the same zoomed in, zoomed out shot. 
However, now he's using a 4K camera to shoot one huge 4K shot. And then when he's editing, artificially cropping that shot. DAVID J. MALAN: And zooming in, essentially, to give you still 1080p but only some of the pixels from the 4K image. RAMON GALVIN: Exactly, giving him multiple camera shots out of that one original camera shot. DAVID J. MALAN: Interesting. So how could we make use of this for CS50? RAMON GALVIN: I'm glad you asked me that question, too, David. Because I shot the walk through videos with Zamyla last semester. And for those videos we would have to run through the walk through once with a zoomed out shot. And then I'd have to adjust the camera to get a zoomed in shot. And then we'd run through it again, running through it two times. With a 4K camera we can cut our production time in half. DAVID J. MALAN: I see. So that should be quite exciting for us, then, this fall. RAMON GALVIN: Exactly. DAVID J. MALAN: Well, from the looks of the video it sounds like it was a pretty exhausting trip. It sounds like you didn't really have much time to relax. RAMON GALVIN: Not one bit. DAVID J. MALAN: Well, that's it for CS50 Live. Thanks so much to this week's contributors. Thanks so much to the team behind the camera. Thanks so much to our correspondent-- RAMON GALVIN: Senior. DAVID J. MALAN: Senior correspondent in the field. This was CS50. RAMON GALVIN: And this is something, I don't know what. DAVID J. MALAN: It was our dress rehearsal. So that all sounds great. Bigger TVs, more pixels, more resolution. But why is this actually useful? RAMON GALVIN: I'm glad you asked that question, David. DAVID J. MALAN: I'm glad you asked-- I'm glad I asked you to ask me that. RAMON GALVIN: No, I say I'm glad you asked me the question. And then you say, well it's in the prompter. I'm glad I asked you to ask me that question. DAVID J. MALAN: Well, it's in the prompter there. RAMON GALVIN: I'm glad you-- DAVID J. 
MALAN: I think it's funnier if you just say, I'm glad I asked you to ask me that question. Because it's kind of a play on what you would expect. RAMON GALVIN: OK. I'm glad you asked me to ask that question, David. There's a documentarian. DAVID J. MALAN: I'm glad I asked you to ask me. RAMON GALVIN: I'm glad I asked you to ask me that question. [MUSIC- CAKE, "THE DISTANCE"]