March 31

Getting going

Hi folks.

I hope that you're all doing as well as can be expected given the pandemic and all the recent stress.

At this point I am planning on holding a zoom session tomorrow at our regular time (11:30am EDT Tue March 31) and will send out an email with a link.

I've also set up a Question and Answer page here on our website, with a link over on the left. We'll see if that's a useful way to connect with each other.

The faculty is discussing Tuesday morning about whether or not to turn classes to pass/fail (with grades as opt-in for those who want them).

the rest of the term

We have about six weeks left in the term. I have several ideas about how we could use that productively given the current situation, and would like to hear your thoughts.

(0) cookies, tracking, ads, and all that : read & discuss

• zoom - privacy concerns, Facebook SDK gripes
  • zoom needs to clean up its privacy act | hackernews discussion
  • zoom's use of Facebook's SDK | hackernews discussion
  • zoom meetings aren't end-to-end encrypted | hackernews discussion
  • trolls breaking into zoom meetings | hn | youtube: crashing random college courses online
  • How the Zoom macOS installer does its job without you clicking ‘install’ | hn
  • zoom at your own risk
• what do "ad blockers" actually do : routers, DNS, pi-hole and all that.
  • see the links on my March 12 notes
• related DNS example
  • Cloudflare 1.1.1.1 for families | hn
• to do : find examples to document & explain

(1) group collaborative website project

• cooking recipes : post, browse, etc
• all the bells and whistles
  • domain name and "real" url
  • google adwords & analytics
• https via https://letsencrypt.org/ (and read about http vs https)
• 3rd party sign in (apple, google, facebook, ...)
• put in security holes ... exploit & then fix
  • allow js typed into a web form to make its way onto the page (i.e. in a recipe)
  • google "cross site scripting" and see some of its many forms
  • allow unsanitized SQL to get from form to database execution
• practice with the typical collaboration tools
  • github : github.com/MarlboroCollegeComputerScience/2020-internet-seminar
  • slack : marlboro-internet.slack.com
• deploy to the cloud; perhaps one of
  • heroku
  • nearlyfreespeech
  • AWS : elastic beanstalk (?) , S3 (static)

(3) "stealing the network: the complete series" : read & discuss a book

• amazon kindle $35
• 1082 pages | 42 stories | dated but very cool

(4) skillz & hacking

• installing public/private ssh keys
• nmap (maybe "nmap network scanning" book)
• training & practice
  • https://pwn.college/
  • https://ics-cert-training.inl.gov/learn
  • https://exploit-exercises.lains.space/
  • https://www.cybrary.it/
  • http://opensecuritytraining.info/Training.html

after class notes ... first virtual meeting.

• Everyone was here; we're all on the east coast.
• We agreed to continue synchronous meetings at our regular time.
• We're moving to pass/fail , with an option for grades.
• We agreed to read "stealing the network" book; will start with chapter 1
• We will do some readings on cookies & trackers ... discuss Thursday?
• You should send me github identities, and I'll set us us.
• I'll invite you to a slack workspace for us to try.
• I set a "tell me what you did this week" assignment due next Tuesday.