[cs615asa] HW6 grades
Jan Schaumann
jschauma at stevens.edu
Sun May 14 22:41:03 EDT 2017
All,
I've sent out grades for HW6. With this, you have all the grades for
all assignments (assume full credit for the CtF unless you received
feedback for any of the levels that you would get partial credit) and
thus the ability to calculate your letter grade.
I will submit letter grades to the registrar most likely tomorrow,
Tuesday the latest.
A few notes on HW6:
- Many of you appear not to be aware of the "getopts" functionality
provided by virtually all programming languages, including the
standard bourne shell. Review this -- manually parsing command-line
options is more complicated than you think and you end up writing a lot
of unnecessary code if you try to do it yourself.
- Many of you had trouble identifying the correct user to ssh to the
instances as. This was a hidden complication that wasn't obvious from
the beginning, but you all had to solve it somehow. The interesting
thing here is how you tried to do that. You cannot try to log in as
one user and if that fails try the next one: failure to log in can
have any number of causes. Instead, you probably require an internal
mapping of instance descriptions to likely user accounts with a
fallback to 'root'. This is necessarily error prone; a flaw in the
program definition / requirements.
- Copying a file system hierarchy requires more than just "scp". At a
minimum, you need to recursively copy the source directory, but that
does not preserve ownership or permissions. "rsync" is a good
solution, but that's not available on all systems. "tar" is a better
solution.
- You can't copy data from the source instance directly to the target
instances, as that requires (a) SSH to be setup on the source instance
and (b) the source instance to be able to talk to the destination
instances. You need to copy data through your host, but at the same
time you have the problem that you do not want to locally store data
(scalability requirements make this tricky).
ssh host1 tar | ssh host2 tar
is one reasonable solution here.
- You can't assume that the aws command-line tools generate output in
text, nor can you assume it's json. If you are only prepared to
handle either format, then you need to explicitly request it.
- Don't use temporary files. You're going to get it wrong. Safely
handling temporary files is much more complicated than you think: you
need to account for the correct location (the current working
directory is not one), the creation of safe directories to avoid
e.g. symlink attacks, signal catching to clean up afterwards, etc.
etc.
Whenever you think "I know, I'll stash this info in a temporary file",
stick a needle in your eye to remind you that that's a bad idea.
- All of your git commit messages are useless. I don't think I've seen
a single meaningful commit message.
- Team work requires that you actually work as a team. Working
individually and then trying to mash together the two results is not a
good approach. Teams need to communicate and collaborate.
-Jan
More information about the cs615asa
mailing list