[cs615asa] HW3 graded

Jan Schaumann jschauma at stevens.edu
Sat Mar 19 14:30:46 EDT 2016


Hello,

I've just sent out grades for HW3.  As usual, the comments and questions
I provide are for your own study; there is no need to respond to me with
answers.

A few general notes:

1)
All of you could use more practice in the use of Unix.  The only way you
can become more comfortable in using Unix is -- shockingly -- by
actually using it.  That includes getting comfortable with a Unix text
editor.

Please get in the habit of creating all your documents for this class on
linux-lab.  That includes text and html documents.  Please do not use
Microsoft Word or other tools and then generate HTML or plain text
content from those.

Knowing that students don't do anything unless you threaten them with
taking away points: If I observe this being done, I will indeed subtract
points.

2)
The questions I ask in these homework assignments always have two
objectives.  On the one hand, I actually do want to get an answer to the
question.  On the other, I want you to understand why I'm asking the
questions.

So you should (a) actually answer the question.  Describing how one
_could_ answer the question is not sufficient.  Do actually provide an
answer.  Do not claim that in the "real world" one would or could do X
or Y, but since somehow this isn't the "real world", you didn't.

You should (b) reflect on the question and think about why I'm asking
it.  What could you learn by looking for the answer?  In so doing, you
may find that elaborating on your answer might be useful.

Back up your answers with reasoning.

The more detail you show, and the more I see that you actually put some
thought into answering the questions, the easier it is for me to give
you a good grade.


3)
The question regarding the possibility of a backdoor seems to have
tripped most of you.  A handwaving reply referencing various key words
related to the google terms "backdoor" and "vulnerability" is not what I
was looking for.

Similarly, simply stating "welp, no can do" is not sufficient, either.

Instead, you should consider how you would establish a high degree of
trust in the software.  How was the software retrieved (either by
yourself or by the package manager)?  How do you know you connected to
the right site?  How do you know the software was not manipulated in
transit?  If you mentioned signatures or checksums, think about what
they assert, and how you retrieved those.

These are important things for you to be aware of, so if you are not
familiar with asking these questions, please begin your research here.
We will continue to brush upon these topics, but we cannot cover all of
them in sufficient detail, so I'm looking for some independent learning
on your part.

-Jan
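
An added example, not part of the original message: it illustrates the
point in note 3 about what a checksum asserts depending on how it was
retrieved.  The file name, the byte strings and the idea of an
"independent" channel for the publisher's digest are constructed
assumptions.

```python
import hashlib
import hmac


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def parse_sums(text: str) -> dict:
    """Parse sha256sum-style lines: '<hex digest>  <filename>'."""
    sums = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue  # skip blank or malformed lines
        digest, name = parts
        # sha256sum marks binary mode with a leading '*' on the name
        sums[name.lstrip("*").strip()] = digest.lower()
    return sums


def matches(artifact: bytes, name: str, sums_text: str) -> bool:
    expected = parse_sums(sums_text).get(name)
    if expected is None:
        return False  # no entry for this file: fail closed
    return hmac.compare_digest(sha256_hex(artifact), expected)


# Constructed sample data (hypothetical file name and contents).
NAME = "tool-1.0.tar.gz"
GENUINE = b"constructed bytes standing in for the real release"
ALTERED = GENUINE + b" plus a change made on the mirror or in transit"

# Assumption: digest announced by the publisher over a separate channel.
INDEPENDENT_SUMS = f"{sha256_hex(GENUINE)}  {NAME}\n"
# Checksum file served next to the download; whoever altered the
# artifact could have regenerated this file as well.
SAME_CHANNEL_SUMS = f"{sha256_hex(ALTERED)}  {NAME}\n"


def assess(artifact: bytes, same_channel_sums: str, independent_sums: str) -> dict:
    return {
        "same_channel": matches(artifact, NAME, same_channel_sums),
        "independent": matches(artifact, NAME, independent_sums),
    }


if __name__ == "__main__":
    print("altered:", assess(ALTERED, SAME_CHANNEL_SUMS, INDEPENDENT_SUMS))
    print("genuine:", assess(GENUINE, INDEPENDENT_SUMS, INDEPENDENT_SUMS))
```

A signature over the checksum file moves the same question to the
verification key: how was that key retrieved, and from whom?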

