Quote:
If you spend enough time looking for exceptions and edge cases, you'll find them. When computers are involved, very few concepts apply 100% of the time.
Oh, I didn't spend a lot of time. All of that was stuff that I thought of as I was taking the quiz.
Quote:
About strong passwords: With a supercomputer, a good algorithm for launching brute-force attacks, and enough time, any password can be cracked.
That's not quite true. A good password will take centuries to crack even if hundreds of the world's fastest, most well-suited computers use the best techniques and know exactly the method by which the password was generated. In effect, good passwords are uncrackable. At least, by the time they can be cracked, you'll be a little too dead to care.
I don't believe in "multi-factor authentication" as a security measure all that much. It's a band-aid solution to weak passwords. It's not even conceptually that difficult to bypass the second factor, because it's always unencrypted. All you need to do is hijack something like the user's phone. People's computers get hijacked all the time; I'd hazard to guess that at least a couple of others in this forum, right now, are running Windows computers that are a part of some sort of illegal botnet, either sending spam messages, or worse, without your knowledge. The most vulnerable people are those who are overconfident.
Quote:
If you just made a Gmail account, I would like to think that Google's servers would be able to detect if a bot is making millions of attempts to break into someone's account.
That's not how good password cracking is done. You get access to something you can use to verify passwords, then you run your password cracker against that on your own computer. If a cracker gets the necessary information, there's nothing Google can do. The strength of those passwords is everyone's last line of defense.
Quote:
However, on a practical level, bad actors are more likely to gain unauthorized access in another way - stealing your phone or computer, or guessing the correct answers on those "forget my password" prompts.
True. Simple phishing is the easiest way to figure out someone's password. The solution is, don't fall for them.
Don't click on a link in an email and then fill out your information. This is also why it's important to never reuse a password protecting something you care about.
Quote:
Seriously, those "forgot my password" prompts are usually TERRIBLE and are a major security hole, especially for banking accounts. Many of them consist solely of questions that could be answered using data from a social media account or on public records (your favorite pet and your favorite sports team are common examples).
Yeah, you should treat these questions as additional passwords. Randomly generate them and store them in your password manager, like any other password. I never put actual answers in these fields.
Quote:
If you ever edit an image and you don't understand the difference between a PNG and a JPEG, the results may not be pretty!
Yep, anyone who does image editing ought to know the basic image file types: PNG, GIF, JPEG, BMP, SVG, and of course, the most important of all... XPM! OK, maybe not that last one.
But then again, if you're more into music, you need to know the basic audio file types: WAV, MP3, Ogg Vorbis, Opus, FLAC, and AAC.
The general thing that most people ought to understand isn't particular file extensions, but rather the difference between lossy compression and lossless compression, and of course what compression is in the first place. It's the same with compressed archives; you don't really need to memorize exactly what Zip, tar.gz, tar.bz2, tar.xz, and 7-zip files are, you just need to understand that these are (losslessly) compressed archives, and what an archive is.
RMS is apt to criticize technical people for a tendency to generalize everything. In the context of legal and ethical questions, he's right. But there's a good reason for that tendency: generalization, to the extreme, is how to be proficient at use of computers.
So if I were to assess something like "digital literacy" (which I would prefer to call proficiency in the use of computers), I would ask questions like these:
* What is a file?
A segment of information stored somewhere.
* What is a directory?
A location for files to be located.
* What is a filesystem?
A method used by a storage medium to store and organize files.
* What is the difference between a journaling and non-journaling filesystem?
Journaling filesystems record changes to a "journal" before actually making them. This prevents loss of data in the event of a crash or similar.
* What is binary?
A number system with only two digits: 0 and 1. For example, 13 in binary is 1101.
* What is a bit?
A single binary digit.
* What is a byte?
Eight consecutive bits which are grouped together.
* What is the meaning behind the size of a byte?
None. Bytes have been different sizes in the past and could easily be different sizes in the future. The current use of 8 bits is simply due to the ASCII standard of encoding text.
* In general, what is memory?
Any medium where information is stored.
* What is RAM, and what is its purpose?
Random Access Memory. Temporary memory which is used to store temporary data which needs to be accessed quickly.
* What is a ROM?
Read-Only Memory. Any sort of memory which cannot be written to.
* What kind of memory is someone likely to be referring to if they just say "memory"?
RAM (Random Access Memory).
* What is "paging" or "swapping", and why do you want to avoid it?
When there is not enough RAM for a program to use, permanent storage is used to prevent the program from crashing. Permanent storage (such as hard drives) is always slower to access and write to than RAM, so use of this technique slows down the system dramatically.
* What is the benefit of increased permanent storage (e.g. hard drive) space?
It allows you to store more files.
* What is the benefit of increased RAM?
It allows more programs to run without causing paging/swapping to occur.
* What is a processor?
The component which is responsible for executing instructions.
* What is a multi-core processor?
A processor which can process multiple separate instructions at one time in parallel.
* What is the CPU?
The central processor of a computer; the "brain" of the computer.
* What is a GPU?
A specialized processor dedicated to controlling graphical output.
* What is the typical benefit of a multi-core CPU?
It allows more programs to run without competing for CPU time.
* What is Hz (Hertz)?
Cycles per second.
* When looking at the specifications for two processors, what specification will tell you which one is faster?
None. Too many factors go into how fast and efficient a processor is for a simple comparison to be made.
* What is an architecture?
A type of processor which can execute instructions intended for other processors of the same type.
* What is word size (8-bit, 16-bit, 32-bit, etc)?
The number of bits a processor natively uses when working on numbers. This is also typically the size of most registers, and in some cases it is the size of memory addresses.
* What are the processor registers used for?
They store small units of information, such as single numbers, so that the processor can act on them efficiently at a low level. Typically, these are simple math operations.
* What is the advantage of having a 64-bit CPU instead of a 32-bit CPU?
It allows the processor to handle numbers as large as 2^64 efficiently, which means the processing of numbers this large will be faster than on a 32-bit CPU.
* How much RAM can a CPU with 32-bit memory addresses access, and why?
2^32 bytes because 2^32 is the number of possible numbers that can be contained in 32 bits.
* Is the memory address size always the same as the word size?
No. The memory address size is often larger. For example, most 8-bit CPUs had 16-bit memory addresses, and PAE-enabled (i686) x86 CPUs have 36-bit memory addresses.
* What is a file archive?
A file which is used to contain files within it. Some common examples include Zip files and tarballs.
* What is compression?
A technique to reduce the size of a file by using algorithms.
* What is the difference between lossless and lossy compression?
Lossy compression algorithms allow certain data to be lost in order to achieve a smaller size. Lossless compression never discards any data.
* Why is lossy compression useful?
For some cases, such as photos and music, certain parts of the data are either imperceptible to humans or otherwise unnecessary.
* Why is lossy compression dangerous?
Repeated lossy recompression of data leads to degrading quality over time.
* What is the benefit of re-saving a lossily compressed photo as a lossless image?
None. The resulting losslessly compressed image will have the exact same data, just in a larger file size. It is only useful to save modified versions of the image in a lossless format.
* If you have a photo with a sign you cannot read, what tool can you use to enhance the photo enough to enable you to read it?
None. That would be magic, and there is no such thing as magic.
* If someone covered up the lens of your camera while you tried to take a photo, what tool would you use to digitally remove the hand so that you can see behind it?
None. That's impossible. You and your magic tricks again...
* What is malware?
Any program which is designed to do something malicious.
* What is a virus?
A type of malware which modifies programs on a computer to propagate itself when they are run.
* What is spyware?
Malware which is designed to track a user's activity without said user's consent.
* What is a trojan horse?
A type of malware which is disguised as a useful program, prompting the user to execute it.
* What is adware?
Malware which is designed to show advertisements to the user.
* What is a worm?
A type of malware which attempts to replicate itself onto other computers through networks.
* What is a rootkit?
A type of malware designed to give unauthorized parties access to a computer.
* What is ransomware?
Malware which is designed to lock the user's access to their own files, typically by using encryption, until a ransom is paid to the perpetrator.
* Why is it unsafe to open suspicious email attachments?
Because they may be malware disguised as something else, or they may contain malicious scripts.
* Why is it unsafe to navigate to certain websites?
Because Web browsers typically execute JavaScript code requested by a Web page, which can be exploited.
* How can you best ensure the integrity of a program, developed by a trusted party, which you have downloaded?
Check the file for a valid signature from the developer.
* What is a signature?
A string of text which can only be generated by one person possessing a secret key, which verifies that a file has been unmodified.
* What is encryption?
A method to encode information in such a way that only one person possessing a secret key can read it.
* Why is encryption important?
It protects sensitive data from being accessed by unauthorized parties.
* What is a checksum or hash?
A string of text which identifies another piece of data, such as a file, as being unchanged.
* What is the difference between a signature and a checksum or hash?
Signatures can be generated only by certain people, while checksums can be generated by anyone.
* What is the primary purpose of a checksum or hash?
To identify accidental data corruption.
* What is an operating system?
The collection of software which provides an environment for all other software to run on.
* What is a terminal emulator?
A program which gives the user access to a command-line interface in an otherwise graphical environment.
* What is a file extension, and what is its purpose?
A short suffix to file names, preceded by a "." character, used to help programs determine its purpose.
* What is a network?
A collection of computers which communicate with each other.
* What is the Internet?
A loose connection of thousands of networks all over the world.
* What is the World Wide Web, and how does it relate to the Internet?
A network of servers providing websites, accessed through the Internet.
* What is a server?
A computer which is designed to provide a service of some kind through a network or the Internet.
* What is a client?
A computer or program which is making use of a server.
* What is an IP address?
A unique identifier for every computer connected to a network, and every computer or network connected to the Internet, so that computers can send information to each other.
* What is an ISP?
A company or other entity which provides the service of connecting a computer or network to the Internet.
Ha, I started out listing just a few examples and ended up listing every question I could think of... xD
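The arithmetic behind the post's point that a well-generated password resists offline guessing even when the attacker knows the generation method, as an added example that is not part of the original post. The guess rate of 10^12 per second, the two schemes and all function names are assumptions made for illustration.

```python
import math
import secrets
import string
from dataclasses import dataclass

SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Assumed offline guessing speed (constructed figure, not from the post):
# 10^12 guesses per second against a fast, unsalted hash.
ASSUMED_GUESSES_PER_SECOND = 1e12


@dataclass(frozen=True)
class Scheme:
    """A generation method that the attacker is assumed to know exactly."""
    name: str
    alphabet: str  # symbols drawn uniformly at random
    length: int    # symbols per password

    @property
    def keyspace(self) -> int:
        return len(self.alphabet) ** self.length


def entropy_bits(scheme: Scheme) -> float:
    """Bits of entropy when every symbol is chosen uniformly at random."""
    return scheme.length * math.log2(len(scheme.alphabet))


def expected_years(scheme: Scheme, rate: float = ASSUMED_GUESSES_PER_SECOND) -> float:
    """Average time to find the password: half the keyspace is tried."""
    return (scheme.keyspace / 2) / rate / SECONDS_PER_YEAR


def generate(scheme: Scheme) -> str:
    """Draw from the OS CSPRNG so that every candidate is equally likely.

    The same generator works for "security question" answers that are
    stored in a password manager instead of being answered truthfully.
    """
    return "".join(secrets.choice(scheme.alphabet) for _ in range(scheme.length))


def min_length(alphabet_size: int, target_years: float,
               rate: float = ASSUMED_GUESSES_PER_SECOND) -> int:
    """Shortest length whose expected guessing time reaches target_years."""
    needed_keyspace = 2 * target_years * SECONDS_PER_YEAR * rate
    length = 1
    while alphabet_size ** length < needed_keyspace:
        length += 1
    return length


# Constructed sample schemes.
WEAK = Scheme("8 lowercase letters", string.ascii_lowercase, 8)
STRONG = Scheme("20 letters and digits", string.ascii_letters + string.digits, 20)

if __name__ == "__main__":
    for scheme in (WEAK, STRONG):
        print(f"{scheme.name}: {entropy_bits(scheme):.1f} bits, "
              f"about {expected_years(scheme):.3g} years at the assumed rate")
    print("sample generated secret:", generate(STRONG))
    print("length needed for 100 years with 62 symbols:", min_length(62, 100))
```

The estimate only holds for secrets drawn uniformly at random; a password a person picks has far less entropy than its length suggests.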