CSCI E-1b
Spring 2025
http://jrsacher.github.io/e1b
Sections
Web Development
Slides
Example Files
General
Resources
- W3 Schools
- HTML dog (links from the assignment)
Questions?
Assignment
- Start ASAP
- Look things up online!
- Be sure to use relative links so that it works on the Staff’s computers
- Alternatices to working in the environment provided
- VS Code for CS50 (online)
- VS Code
- Atom
- SublimeText
Internet Technologies
Slides
General
- Homework reminders
- Start early!
- Late work may be penalized (see policy in the syllabus)
- If there are extenuating circumstances, contact the staff
- Questions from the first homework assignment?
- I’m grading assignment 2 – hope to have it done this weekend!
- Other questions or concerns?
Topics
- Internet Alphabet Soup!
- See slides
Assignment
- Questions?
Questions from Previous Years
- How do you know what protocol is being used?
- You can see all of your computer’s internet connections by opening up a terminal (Mac/Linux) or command prompt (Windows) and running
netstat. I was able to see a whole bunch of TCP and UDP connections and identify what some of them (but not all) were. - There may be ways to more directly see what’s happening for a specific application, etc., but I don’t know them
- You can see all of your computer’s internet connections by opening up a terminal (Mac/Linux) or command prompt (Windows) and running
- DNS hijacking and HTTPS?
- It turns out security is only as good as its weakest link. If you’re able to redirect traffic to your site and get a valid certificate that says your site is “real,” HTTPS won’t protect you. (Source)
- In the Wikileaks case, their use of HTTPS Strict Transport Security provided a bit of added security, but didn’t prevent the hack from occurring
- People are coming up with new ways to make DNS more secure, such as DNSSEC, encyption methods and mores
- How are people exploiting internet-related vulnerabilities in the real world?
- DNS hijacking, as above and in the homework
- Cross Site Scripting (XSS), which allows people to add their code to the code sent by legitimate websites
- CROSS-SITE REQUEST FORGERY (CSRF), where a user ends up sending a request that wasn’t intended
- SQL injection attacks that gives an adversary access and/or modify information on your database.
- General lack of security practices (unencrypted passwords, unsecured databases, human error exposing credentials, etc.)
- In the news
- Equifax - 2017: vulnerability in the server’s software
- Facebook - 2018: Security tokens
- US Government website - 2020: SQL injection
- Twitter - 2010: XSS
- Facebook - 2019: CSRF (identified before any known breach)
- Indian Government - 2019: Unsecured database
- David Malan on security in general; Brian Yu with some more in-depth details
Programming Languages
Slides
Example files for compiled vs. interpreted languages (C and Python)
General
- Questions, comments, or concerns?
Topics
- Variables
- Conditionals
- Loops
- Functions
- Compiled vs Interpreted languages
Assignment
- Scratch
- Questions (that I can carefully try to answer)?
Bonus
Here’s a Scratch game I spent WAY too much time on!
Computational Thinking
Slides
Housekeeping
- Read the syllabus!
- General questions, comments, or concerns?
Topics
- Binary
- ASCII
- Colors
- Side note: Hex
- Abstraction
- Algorithms
- Pseudocode
- Memory
- Searching and sorting
- Data structures
- Arrays
- Linked lists
- Hash tables
General Info
Contact Josh. Other staff info can be found here.
Sections (feel free to attend whichever is convenient):
- Zoom link – the same for all sections
- Tuesday 6:00 – 7:30 pm ET with Greg
- Wednesday 7:00 – 8:30 pm ET with Josh
Office hours:
- Office hours link
- Wednesday 7:00 pm – 8:30 pm ET with Josh
- Sun 10:30 am – 12:00 pm ET with Greg
- Potentially by appointment – ask your assigned TF
Grading - contact the correct TF for questions about the assignment or grading
- Greg:
- Quizzes 2, 3, 5
- Assignments 1, 4, 6
- Josh:
- Quizzes 1, 4, 6
- Assignments 2, 3, 5