Legal and Ethical Concerns
- General Public Licensing (GPL): free software licensing, work and derivative work is free
- Contrast with Qualcomm, which makes money off of closed-source code
- Company had (at last estimate) 23 lawyers analyzing code each week
- Copying code is okay sometimes, but the type of license the original code has matters
- Creative Commons: adds work to public domain
- MIT License: Can use code freely, make + sell closed source version
- GPL: People can do anything except make closed source version
- Qualcomm delivers code in parts (closed source), customer needs to piece it back together
- Pirating is illegal
- Difference between using Open Source code for education and using it as base for profitable software
Actions
- MIT license: only requires preservation of copyright and license notices. Modified works can be distributed under different terms (such as w/o attribution)
- Apache 2.0: Requires preservation of copyright and license notices. Like MIT license, but contributors also give permission for patent rights.
- GNU General Public License v3: Requires copyright and license notices. Like Apache 2.0, but focuses on making full source code of derivation and larger works available.
- I chose the MIT license for my personal project because in the future I want anyone who wants to use my code as a base to be able to, with proper credit and preservation of copyright.
Safe Computing
- Need to find balance between sharing information on social media and protecting privacy
- Sometimes you want to share information (like on Linkedin) but also avoid sharing too much on Facebook as it can be found through Linkedin info
- Avoid sharing PII: SSN, phone number, bank account, etc.
- Beware of phishing scams (unoffical emails with strange addresses that ask for login details/PII) and malware
- Use 2FA or MFA when possible
- Biometrics (fingerprint/face/eye scan) are used for security
- Internet can be used for malicious purposes (stalking, ransomware, viruses)
Actions
- Names, email, school, and faces are on (previous) PBL projects
- I dislike unknown parties having my PII and using it to target ads, but past a certain point it’s frustrating to avoid information collection.
- Good password: combination of letters, numbers, and symbols. Either memorize a random string or come up with something that has meaning to you so you don’t forget.
Bad password: password123! or any variation thereof.
- Symmetric encryption uses the same key to encrypt and decrypt, which is why the key needs to be secret. Asymmetric encryption uses two different keys to encrypt and decrypt, which is why there are public and private keys.
- AWS uses a public key for deployment.
- A phishing attempt asking me to log into my Google account to confirm my sessions on different devices. Another method I’ve seen is a notification saying that you’ve won a prize and need to enter your information right now to claim it.