5.5

Reflection

  1. When creating a repository in GitHub, you are given many different options for license types, including GNU GPL v3.0, MIT License, Apache License 2.0, and GNU GPL v2.0. All these licenses call for your repository to remain an open source of code, which different requirements for people using your code. For example, MIT License states that the owner’s software may be used, modified, and distributed by other people with credit given to the owner, completely for free. This will most likely be the most common license for this class, as it allows you to do whatever you want as long as you include the original copyright and license notice in any copy of the software/source.
  2. I learned that licensing is pretty complicated and there are many different options depending on how private the owner of the software wants it to be. Digital rights are also important because they allow for an agreement between companies and consumers online, such as social media platforms and music streaming platforms and distributors.
  3. My personal blog already came with an Apache License v2 when I cloned it from the template. For our group frontend repo, we have a MIT License because we want to let anyone use our code, just give credit to us and acknowledge the license. Same for our backend repo as well. In order to update or add a license, we needed to create a file called LICENSE and use the MIT License template in GitHub. We entered the copyright year as 2023 under the name TripleAJ. Both repos are now licensed with an MIT License.

5.6

Reflection

  1. In CSP, we’ve had to sign up on Slack, which we signed in using Google, therefore Slack has access to PII that is stored in personal Google account. As for our group project, we will be collecting only a user’s full name in order for it to be displayed on the leaderboard. Other information that will be collected includes a uid, password, and number of tokens. No emails or personal info will be collected.
  2. I’ve been taught to be very cautious with PII online as my dad is a software engineer for HP and he knows the risks of personal exposure online. For this reason, I’ve been pretty secretive about my identity online and choose not to enter personal information or customize accounts if given the option.
  3. A good password could be based off of an inside joke or second language that you speak, whereas a bad password is something like a common phrase or series of characters that is easy to guess. Another step that is used to assist in authentication is 2FA, which is highly secure as it requires your account info to be accurate. How it works is it will send a code to the email or phone number that is linked to your account and you must tell it that code in order to authenticate that it’s really you who is trying to access your account.
  4. Symmetric encryption is when a single string of characters is scrambled/encrypted in one step and can be decrypted in one step. Asymmetric encryption is when information is encrypted using both a public and private key. This is how the deploy and security keys are set up in my fastpages repository.
  5. In AWS, we used symmetric encryption when we created the instance
  6. I don’t recall an instance where I’ve been a victim of a phishing attack, but I am aware that one of the most common techniques is through email. A phisher will try to make themselves seem like they’re part of an organization to disguise their scam.