CSCI E-1b
Fall 2024
http://jrsacher.github.io/e1b
Review Session Topics
Sections
- Cloud Computing
- Technology Stacks
- Web Development
- Internet Technologies
- Programming Languages
- Computational Thinking
- General Info
Cloud Computing
Slides
General
- Additional exam details will likely go out soon
- Released Friday, 12/13 @ 12:00 AM ET
- Due Wednesday, 12/18 @ 11:59 PM ET
- Use any and all non-human resources (but don’t copy directly!)
- Questions about the exam during that period need to be directed to Doug (lloyd@cs50.harvard.edu). Other staff will not reply
- Questions/comments/concerns?
Technology Stacks (and Databases)
Slides
General
- As always, look things up online for assignments!
- Exam planning
- Released Friday, 12/13 @ 12:00 AM ET
- Due Wednesday, 12/18 @ 11:59 PM ET
- Like a normal assignment but longer, a few questions from each lecture
- Will likely have a review session and/or office hours before the exam
- Questions?
Questions from previous Sections
- Examples of cross-platform mobile apps?
- The Flutter framework uses the Dart programming language to build unified apps. Examples include Ebay, Toyota, and various Google apps.
- The Xamarin framework lets you build platform-independent mobile apps using C#. Examples from their site include UPS, Alaska Airlines, and the American Cancer Society.
- React Native lets you develop in JavaScript for both iOS and Android. Some React apps include things Facebook owns (can’t believe I didn’t think of that!) – Facebook, Instagram and more; Tesla; Pinterest; Delivery.com; etc.
- Are there database “frameworks?”
- Not really “database frameworks,” but there are persistence frameworks that help applications communicate with databases.
- Object-relational mapping tools are frameworks used with databases, but not “database frameworks” themselves.
Web Development
Slides
Example Files
General
Resources
- W3 Schools
- HTML dog (links from the assignment)
Questions?
Assignment
- Start ASAP
- Look things up online!
- Be sure to use relative links so that it works on the Staff’s computers
- Alternatices to working in the environment provided
- VS Code for CS50 (online)
- VS Code
- Atom
- SublimeText
Internet Technologies
Slides
General
- Homework reminders
- Start early!
- Late work may be penalized (see policy in the syllabus)
- If there are extenuating circumstances, contact the staff
- Questions from the first homework assignment?
- I’m grading assignment 2 – hope to have it done this weekend!
- Other questions or concerns?
Topics
- Internet Alphabet Soup!
- See slides
Assignment
- Questions?
Questions from Previous Years
- How do you know what protocol is being used?
- You can see all of your computer’s internet connections by opening up a terminal (Mac) or command prompt (Windows) and running
netstat. I was able to see a whole bunch of TCP and UDP connections and identify what some of them (but not all) were. - There may be ways to more directly see what’s happening for a specific application, etc., but I don’t know them
- You can see all of your computer’s internet connections by opening up a terminal (Mac) or command prompt (Windows) and running
- DNS hijacking and HTTPS?
- It turns out security is only as good as its weakest link. If you’re able to redirect traffic to your site and get a valid certificate that says your site is “real,” HTTPS won’t protect you. (Source)
- In the Wikileaks case, their use of HTTPS Strict Transport Security provided a bit of added security, but didn’t prevent the hack from occurring
- People are coming up with new ways to make DNS more secure, such as DNSSEC, encyption methods and mores
- How are people exploiting internet-related vulnerabilities in the real world?
- DNS hijacking, as above and in the homework
- Cross Site Scripting (XSS), which allows people to add their code to the code sent by legitimate websites
- CROSS-SITE REQUEST FORGERY (CSRF), where a user ends up sending a request that wasn’t intended
- SQL injection attacks that gives an adversary access and/or modify information on your database.
- General lack of security practices (unencrypted passwords, unsecured databases, human error exposing credentials, etc.)
- In the news
- Equifax - 2017: vulnerability in the server’s software
- Facebook - 2018: Security tokens
- US Government website - 2020: SQL injection
- Twitter - 2010: XSS
- Facebook - 2019: CSRF (identified before any known breach)
- Indian Government - 2019: Unsecured database
- David Malan on security in general; Brian Yu with some more in-depth details
Programming Languages
Slides
Example files for compiled vs. interpreted languages (C and Python)
General
- Questions, comments, or concerns?
Topics
- Variables
- Conditionals
- Loops
- Functions
- Compiled vs Interpreted languages
Assignment
- Scratch
- Questions (that I can carefully try to answer)?
Bonus
Here’s a Scratch game I spent WAY too much time on!
Computational Thinking
Slides
Housekeeping
- Read the syllabus!
- General questions, comments, or concerns?
Topics
- Binary
- ASCII
- Colors
- Side note: Hex
- Abstraction
- Algorithms
- Pseudocode
- Memory
- Searching and sorting
- Data structures
- Arrays
- Linked lists
- Hash tables
General Info
Contact Josh. Other staff info can be found here.
Sections (feel free to attend whichever is convenient):
- Zoom link – the same for all sections
- Tuesday 6:00 – 7:30 pm ET with Greg
- Thursday 7:00 – 8:30 pm ET with Josh
Office hours:
- Office hours link
- Thur 7:00 pm – 8:30 pm ET with Josh
- Sun 10:30 am – 12:00 pm ET with Greg
- Potentially by appointment – ask your assigned TF
Grading - contact the correct TF for questions about the assignment or grading
- Greg:
- Quizzes 2, 3, 5
- Assignments 1, 4, 6
- Josh:
- Quizzes 1, 4, 6
- Assignments 2, 3, 5