5.5 Legal and Ethical Concerns

When you create a GitHub repository it requests a license type. Review the license types in relationship to this Tech Talk and make some notes in your personal blog.

The different license types allow for different rights to be given to your project. Some require you to make your code open source, while some allow for it to be closed, only giving out a compiled or encrypted executable. The three licenses covered in the blog were the Creative Commons Zero v1.0 Universal license, the Open Source MIT License, and the Open Source GPL License. The Creative Commons Zero v1.0 Universal license is a license that allows for the code to be used for any purpose, including commercial use. The MIT License is a license that allows for the code to be used for any purpose, including commercial use; however, it requires that code which uses it must be open source. Typically, people who use the MIT license want credit for their work. The Open Source GPL License is a license that allows for the code to be used for any purpose, including commercial use, but it requires the code to be open source. In addition, any changes made to the code must be open source as well. Our group used the GNU General Public License v3.0 for our project. We chose this license because we wanted to make sure that our code was open source, and that any changes made to it would be open source as well. This way, we not only get credit for our work but also ensure that nobody is using our code for malicious use.

The discussions and personal analysis on software licenses, digital rights, and other legal and ethical thoughts can be summed up as: Licensing and copyrighting allow for a great way to secure credit and legal rights for your project; however, these can be easily exploited by larger companies for profit. This is why you must work to protect your online legal rights, as well as ethical concerns, making sure you yourself don’t exploit others for profit.

Make a license for your personal (blog) and Team repositories for the CPT project. Be sure to have a license for both Team GitHub repositories (frontend/backend). Document license(s) you picked and why. FYI, frontend, since it is built on GitHub pages may come with a license and restrictions. Document in blog how team made license choice and process of update.

Our group used the GNU General Public License v3.0 for our project in both the frontend and the backend. We chose this license because we wanted to make sure that our code was open source, and that any changes made to it would be open source as well. This way, we not only get credit for our work but also ensure that nobody is using our code for malicious use.

[Frontend License](https://github.com/dolphinalt/SEAL-Frontend/blob/main/LICENSE.md)

[Backend License](https://github.com/YLu-1258/SEAL_Backend/blob/main/LICENSE.md)

5.6 Safe Computing

Describe PII you have seen on projects in CompSci Principles.

Some PII I have seen on projects in APCSP includes calculating of grades (asking for your grade, GPA, classes, etc.), sharing of school schedules (asking for your classes, teachers, etc.), and sharing of personal information (asking for your name and grade).

What are your feelings about PII and your personal exposure?

My feelings about PII are that some PII may be beneficial, while some may be harmful. For example, ways that PII may be beneficial include things such as LinkedIn, where you can be recognized for your skills and accomplishments. However, PII can be harmful if used for malicious purposes or if it isn’t kept securely. This can include leaked passwords and credentials, and these can be leveraged for malicious gain. In my personal exposure, I have a LinkedIn, therefore my PII is already on the internet. Not only this, but my school profile has a lot of PII, which may be at risk for leaks.

Describe good and bad passwords. What is another step that is used to assist in authentication?

Good passwords are passwords that are hard to brute force, have a secure amount of characters, and are not easily guessed. Bad passwords are the opposite, having a small amount of characters, being easy to guess, and being easy to brute force. Some examples of good and bad passwords are “password” and “password123” being bad, and “password123!” and “password123!@#” being good. Another step that is used to assist in authentication is the use of two-factor authentication. This is where the user must provide two pieces of information to authenticate, such as a password and a code sent to their phone.

Try to describe Symmetric and Asymmetric encryption.

Symmetric encryption is where the encryption is reversible, and the encryption method is the same as the decryption method. Examples of symmetric encryption are DES, Triple DES and AES. Asymmetric encryption is where the encryption method is not the same as the decryption method. This is especially useful in authentication. Some examples of asymmetric encryption are pubkey authentication, RSA, and the Diffie-Hellman exchange method.

Provide an example of encryption we used in AWS deployment.

An example of encryption we used in AWS deployment is the SSH public key authentication. This is a type of asymmetric encryption where the message is encrypted by the private key and must be decrypted by the public key. Without the matching public key for the corresponding private key, there is no way to decrypt the message.
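The two ideas above, symmetric versus asymmetric keys and a private-key login check of the kind SSH public key authentication performs, shown as an added example that is not part of the original blog or the project's code. The stream cipher and the textbook RSA parameters are toy constructions for illustration only, and all function names and sample values are assumptions made for this sketch.

```python
import hashlib

def keystream(key: bytes, n: int) -> bytes:
    """Toy keystream: SHA-256 over key || counter, truncated to n bytes."""
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:n]

def sym_crypt(key: bytes, data: bytes) -> bytes:
    """Symmetric: XOR with the keystream. The same key and call undo it."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))

# Asymmetric: textbook RSA. P and Q are two known Mersenne primes, chosen so
# the numbers are easy to check; far too small and unpadded for real use.
P, Q = 2**31 - 1, 2**61 - 1
N, E = P * Q, 65537                  # public key: safe to publish
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent: stays with the owner

def rsa_encrypt(m: int) -> int:
    """Anyone holding the public key (N, E) can encrypt."""
    return pow(m, E, N)

def rsa_decrypt(c: int) -> int:
    """Only the holder of the private exponent D can decrypt."""
    return pow(c, D, N)

def digest(challenge: bytes) -> int:
    """Hash the challenge down to an integer smaller than N."""
    return int.from_bytes(hashlib.sha256(challenge).digest(), "big") % N

def sign(challenge: bytes) -> int:
    """Client side: transform the challenge digest with the private key."""
    return pow(digest(challenge), D, N)

def verify(challenge: bytes, signature: int) -> bool:
    """Server side: undo the transform with the public key and compare."""
    return pow(signature, E, N) == digest(challenge)

if __name__ == "__main__":
    key, msg = b"shared-secret", b"deploy at 09:00"   # constructed sample values
    ct = sym_crypt(key, msg)
    print("symmetric round trip:", sym_crypt(key, ct) == msg)
    print("asymmetric round trip:", rsa_decrypt(rsa_encrypt(1234567)) == 1234567)
    challenge = b"session-id-0001"                    # constructed server challenge
    print("login accepted:", verify(challenge, sign(challenge)))
    print("reused on another session:", verify(b"session-id-0002", sign(challenge)))
```

Because the server stores only the public key, a copy of the server's key file does not let anyone produce a valid response to a fresh challenge.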

Describe a phishing scheme you have learned about the hard way. Describe some other phishing techniques.

I have fallen for a phishing scheme when I was in elementary school. There was a popup for a page that I was on that had told me that I had many viruses on my machine, and being naive, I clicked on the link. It took me to a page that looked like a Windows update page, and it asked me to download a program to remove the viruses. I downloaded the program, and it ended up being a virus. We weren’t able to remove the virus, and we had to reinstall Windows. Some other phishing techniques can include fake emails, fake websites, and fake phone calls.