5.5 an 5.6 Notes and Hacks
Notes for 5.5 and 5.6 and hacks.
5.5 Reflection
- When you create a GitHub repository it requests a license type. Review the license types in relationship to this Tech Talk and make some notes in your personal blog.
- There are open source and close source licenses:
- open source allows for anyone to use the program, without needing to pay
- close source requires payment to authors based on what user makes from distribution
- Creative Commons Zero v1.0 Universal
- doesn’t allow for something to be copyrighted and is for public domain
- Open Source MIT License
- allowed for code to be used and then made into a closed source version for distribution
- authors still want credit (comments)
- Open Source GPL License
- GNU GPLv3 - people can do anything with project except distribute
- There are open source and close source licenses:
- In your blog, summarize the discussions and personal analysis on Software Licenses/Options, Digital Rights, and other Legal and Ethical thoughts from this College Board topic.
- As a group, we decided to use Open Source GPL for our group project. This is because we want others to be able to use our program, as well as learn from the code of our program by playing around with it. We don’t, however, want people stealing our program and distributing it to others for their own personal gain, as we believe everyone should have access to such a program.
- In terms of legality and ethics, I believe that we should give credit to those that we use code from. Many other divisions of society use digital rights for their movies and music, which prevents pirating the content of a company. This is how large companies are able to make income from their productions.
- In our class, I think it is best to use open sourced licenses because people should be able to learn from the code we produce and share among one another. Companies, however, need to create products with licenses in order to make a profit and support future projects that they might want to enact.
- Make a license for your personal (blog) and Team repositories for the CPT project. Be sure to have a license for both Team GitHub repositories (frontend/backend). Document license(s) you picked and why. FYI, frontend, since it is built on GitHub pages may come with a license and restrictions. Document in blog how team made license choice and process of update.
- For both my fastpages as well as our group flask and github pages website, we decided to use the open source GPL license, which allows others to modify our code in order to learn, but doesn’t allow them to distribute our work for their own personal gains. This will allow for others to learn to code by playing around with our creations.
5.6 Reflection
- Describe PII you have seen on project in CompSci Principles.
- PII that I have seen on my project involves information such as period number, classroom number, class name, start times, and end times of classes. This data isn’t very sensitive, however on other projects, I have seen the request for emails, birth dates, passwords, and phone numbers, which are much more sensitive.
- What are your feelings about PII and your personal exposure?
- I that with PII, we should be cautious of what we share and do on the internet. With PII, anything on the internet can be tracked down to us in the real world eventually. There are also people looking for that information online, who want to take it in order to do bad things. PII is good for bank websites and other programs that need your information in order for you to store something very personal.
- Describe good and bad passwords? What is another step that is used to assist in authentication.
- A good password has many different characters in it, causing people who want to find the password to have a very difficult time actually finding our what it is. This also makes it harder for hardware, such as supercomputers to find your password, as the longer it is, the more time it will take to be cracked. A bad password is a short one with generic phrases and characters, making it really easy for anyone to guess and steal. Another step of authentication is a code that is sent to the user either through phone number or through an authentication app that changes the code every 5 minutes.
- Try to describe Symmetric and Asymmetric encryption.
- Symmetric encryption is where there is only one secret key that encrypts and decrypts information.
- Asymmetric encryption is where there is a public and a private key used to encrypt and decrypt information.
- Provide an example of encryption we used in AWS deployment.
- In AWS, we used SSL encryption, which uses both symmetric and asymmetric encryption in order to keep data safe.
- Describe a phishing scheme you have learned about the hard way. Describe some other phishing techniques.
- There are many phishing schemes that are created and used. One of them is where the attackers sends a link that looks similar to a login page, tricking the user into thinking it’s the actual login page, where they enter their information and then their account is stolen. Social engineering is used in this to make the site look like the original in order to entirely trick the user. This form is very prominent in Discord, where many create phishing links and send them, advertising them as free nitro or free money or some other form to attract the user. They then take control of the user’s accounts to either buy a lot of discord nitro or to send even more links.