Blog Reflection 5.5 & 5.6
5.5 IMPORTANT NOTES:
- When creating any GitHub repository, a license type is requested
- Different licenses serve different purposes and can create different restrictions on software releases
- The GPL License is a common license type, but it comes with a couple of restrictions. For example, all the work used from an original source must be free and the code must be shared.
- Most times, companies want to be reimbursed for other people using their patents and software/ideas. Open source licenses, such as the GPL License, have very strict guidelines regarding the distribution of such works.
- Creative Commons Zero v1.0 Universal License: This waives any copyright claims on work that YOU create, and your code is accessible and usable by the public.
- Open Source MIT License: The MIT License, a very common license type, allows for the free distribution and creation of code. The only slight requirement that accompanies the MIT License is a citation of the original author’s name or a link to their original repository.
- OPINION: I believe that the MIT License is the best license to use. The MIT License provides the best balance between being able to utilize code, and the original creators of repositories still getting credit. On previous coding projects before CSP, I have used the MIT License, so that if any of my peers want to use snippets of my code, the MIT License easily permits that.
- LEGAL & ETHICAL OPINION: Though open-source and free distribution is something that can promote education and collective sharing, I believe that it is very important that some software stay secure and only with the original company. Some companies work very hard on developing their own methodologies of creating software, and if that is something that keeps their income above other companies in terms of competition, it is something that they should keep secure to themselves.
5.5 Blog Post Reflection:
- When you create a GitHub repository it requests a license type. Review the license types in relationship to this Tech Talk and make some notes in your personal blog. (DONE ABOVE)
- In your blog, summarize the discussions and personal analysis on Software Licenses/Options, Digital Rights, and other Legal and Ethical thoughts from this College Board topic. (DONE ABOVE)
- Make a license for your personal (blog) and Team repositories for the CPT project. Be sure to have a license for both Team GitHub repositories (frontend/backend). Document license(s) you picked and why. FYI, frontend, since it is built on GitHub pages may come with a license and restrictions. Document in blog how team made license choice and process of update.
For both the Team CPT Project Repository and my personal blog, we decided to use the MIT License. The main motivation behind using the MIT License for both repositories was that it is a very permissive license, and it promotes open-source code usage. For instance, in our CSP Community, if another group is struggling with a code snippet to incorporate a feature similar to something we have on our group project, they should be able to refer to and even use code snippets from our repository, and just cite our names. The same applies to my FastPages. There are many Jupyter Notebook Blog Posts on my Personal FastPages, and it is difficult to get working results from some of the code snippets, so if someone needs to refer to or use some of my code snippets, under the MIT License, they should be able to use them.
5.5 Extra Reflection & Research:
To learn more about GitHub License Usage, I read and analyzed an article published by GitHub titled, “Open source license usage on GitHub.com” (https://github.blog/2015-03-09-open-source-license-usage-on-github-com/). This article highlighted the top licenses used (by percentage) by all users on GitHub. According to the article, here were the top 10 licenses on GitHub by percentage:
- MIT LICENSE: 44.69%
- Other: 15.68%
- GPLv2: 12.96%
- Apache: 11.19%
- GPLv3: 8.88%
- BSD 3-clause: 4.53%
- Unlicense: 1.87%
- BSD 2-clause: 1.70%
- LGPLv3: 1.30%
- AGPLv3: 1.05%
Then, the article shows a graphic showing how over time, the licensing percentages have exponentially increased. This is likely because as time goes on, more developers on GitHub want to share code with the public and choose licenses which allow for free distribution and usage of their code. In this graphic, it shows that in 2008, there were almost 0 GitHub Developers who utilized any sort of licenses, likely because of the lack of awareness or relevance surrounding sharing and distributing code. Then, starting in 2013, there was a massive rise of approximately 20,000 developers who used licenses, and in 2015, this number rose to approximately 80,000 developers. Now that it is 2023, and programming has become increasingly open-source and shared, I’m sure that the number has risen to close to 250,000 developers, since more and more young people have become invested in creating software projects on GitHub.
5.6 IMPORTANT NOTES:
- PII stands for Personally Identifiable Information, which is information that is unique to each person. This can include a person’s email address, home address, SSN, and tax records.
- PII should be kept secure to yourself and not shared with anyone, including family members (unless you are a minor), as ANYONE can steal your information, and your information being stolen can result in your life staying on pause for a long time.
- Multi-Factor Authentication: This is a very secure and now more commonly used type of authentication which requires a second step of authentication, such as entering a texted or emailed code.
- Phishing: A method of luring someone into clicking a link by promising some sort of reward, prize, or information. The click can then lead the person to a malicious link.
- Symmetric Encryption: Only one key is used to both encrypt and decrypt electronic information.
- Asymmetric Cryptography: This uses a paired public and private key to encrypt/decrypt information and protect it from any unauthorized usage.
- Viruses and malware are used in many ways on the IoT to compromise your machine.
5.6 Blog Post Reflection:
1. Describe PII you have seen on project in CompSci Principles: One of the primary examples of PII I have seen in projects in Comp Sci is user account login information. This includes usernames and passwords to accounts on websites which contain important information for users.
2. What are your feelings about PII and your personal exposure?: I feel that PII is extremely important, and personal exposure is a very real risk in today’s world. This is why it is very important that we have secure passwords and that we keep our own personal information close to ourselves.
3. Describe good and bad passwords? What is another step that is used to assist in authentication.: Good passwords are passwords that contain a sort of complexity. This means having a password length of at least 8-10 characters, and having a variety of special characters, uppercase and lowercase letters, and numbers in the password so that the passwords are difficult to crack. Bad passwords are passwords that are easy to guess and are of very short length. Another step used to assist in authentication is multi-factor authentication, which sets two steps to confirm a user’s account creation, login, or deletion. Another step that helps with authentication is the enforcement of password complexity when a user creates an account, to make sure that passwords are secure upon creation.
4. Try to describe Symmetric and Asymmetric Encryption.: In symmetric encryption, only one key is used for both encryption and decryption of information. In asymmetric encryption, there are two keys: one public key and one private key. These keys are paired and are a more secure method of authentication.
5. Provide an example of encryption we used in AWS Deployment: An example of encryption we utilized in AWS Deployment was Certbot. Certbot converts our sites from HTTP to HTTPS Authentication, which uses SSL encryption to encrypt requests and responses.
6. Describe a phishing scheme you have learned about the hard way. Describe some other phishing techniques.: I have never learned about a phishing scheme the hard way, since I always prioritize keeping my passwords secure and following proper steps to not fall prey to such attacks, which can compromise my personal information. One very common phishing technique is email phishing, where a common/unsuspicious subject is used and an email is sent from an unknown email address, asking you to open a link to give information, or asking you to open a link which will download malware onto your system.
5.6 Extra Reflection & Research:
I did a lot of research about password hashing and keeping secure passwords and other methods to stay safe. Here were some of my findings:
On most websites, to ensure that user data is safe, they make sure that when an individual creates an account, the password meets a minimum password length and complexity check (special characters, capital letters, numbers). I really thought that this would be useful and pretty cool to implement on my group’s CPT, especially with the relevance that cybersecurity has in our world today.
Research (source: https://web.dev/sign-in-form-best-practices/)
From research, one of the main things I found to combat this issue is to use the “type” attribute. Using the attribute, the code can identify which inputs for a username OR password have invalid characters or do not meet specific requirements.
Therefore, using this feature, our site can make a specific password invalid if it were to not have enough characters or not enough complexity (by our own standards). This is definitely something that we will look to work on.
Furthermore, using the example from the OOP Hacks from the APCSP site, there is a way to encode passwords so that they are not readable in plain text. SHA256, which was used in the example, is not nearly the most secure hashing type, so we will do some more research to see which encryption method is the best to be utilized and we will use that.
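The two ideas above, a length and complexity check at account creation and a password hash stronger than bare SHA256, can be put together in one server-side sketch. This is an added example, not code from this blog, the CPT project, or the APCSP OOP Hacks; the function names, the 10-character minimum, and the PBKDF2 iteration count are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import string

MIN_LENGTH = 10        # assumed policy value, from the "8-10 characters" above
ITERATIONS = 600_000   # assumed PBKDF2 work factor; tune for your server

def policy_problems(password):
    """Return the rules the password fails; an empty list means acceptable."""
    checks = {
        f"at least {MIN_LENGTH} characters": len(password) >= MIN_LENGTH,
        "a lowercase letter": any(c.islower() for c in password),
        "an uppercase letter": any(c.isupper() for c in password),
        "a digit": any(c.isdigit() for c in password),
        "a special character": any(c in string.punctuation for c in password),
    }
    return [rule for rule, ok in checks.items() if not ok]

def unsalted_sha256(password):
    """Weak baseline: fast and unsalted, so equal passwords give equal hashes."""
    return hashlib.sha256(password.encode()).hexdigest()

def hash_password(password):
    """Salted, iterated hash; the stored string records its own parameters."""
    salt = os.urandom(16)  # fresh random salt per account
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"

def verify_password(password, stored):
    """Recompute with the stored salt and count, then compare in constant time."""
    scheme, iterations, salt_hex, digest_hex = stored.split("$")
    if scheme != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))

def register(password):
    """Account-creation path: reject weak passwords before anything is stored."""
    problems = policy_problems(password)
    if problems:
        raise ValueError("password needs " + ", ".join(problems))
    return hash_password(password)
```

Two accounts with the same password get different stored strings because each has its own salt, while the unsalted SHA256 baseline gives them identical hashes.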