Hi Sir Henry. Harare today, great. How are you feeling? How was your week? And pretty good. You do much computer science topics and such. We had a computer science project, but it's pretty easy. Nice about to hear that. How are you feeling about your exam? While our test results from last time, for which one? The one we did in class. Yeah, the one we did in class. But okay, I needed more practice. Yeah, I agree. I think you did really well. I just want to maybe spend a bit of time today reviewing some of the questions, teaching you about some of the security stuff. So you're you're updated on that to make sure you're good. And and then as usual, I'm open to anything you wanna do. So unless you have something particular in mind right now, we can start with that and then move on to that, to what you have in mind later or and you can tell me now if youlike, I'm not sure how you want to do it. I think we can move on with the service or the test. Sure then I'll do the test and then I'll ask you again later. And then if you have any questions or any it's gone. The questions are gone. If you have any questions or anything as usual or anything you want to cover as usual, please let me know. Okay, so I remember what you got wrong. What you got right. So you got wrong this question, I believe. Yeah this one was just a small mistake, so let's not cover it. You just I think you understood, right? So one here and then I think you accidentally put zero. Yeah you put zero, zero, one, one, one, one, zero but that doesn't add up since this is negative. One, two, eight. And so this one I've added, I think the actual answer or something closer to this or something like that, see how it's that that seems maybe right. 60 432. Yeah, not really. Well, regardless, it was a small error, so let's not to cover that. The other thing was this one here you circled hard disk drive, ssd and ram. So do you know what a cd is? A compact disk Yeah. So here to store optical data. Yeah exactly. So primary is stuff like Yeah cpu ram. Wrong. And then and then secondary is always going to be like, Oh, long term long term storage that you can actually use pretty quickly, right? So that's hdd hard disk drive. Ves is the one with the spinning thing, cd because you just slot it in the machine and then ssd, which is just put in your computer and you have tertiary. I don't know if you heard of that tertiary. No, Yeah. I mean, this is not used anymore, but things like magnetic tape, this was used back, actually, this is interesting. Back in the sixs and 70s, what they would do is theyhave big coils of magnets with ones and zeros, and the magnets would be flipped, if it's a one, and if it's a zero, be flipped the other way around. Yeah, Yeah, Yeah, Yeah. It would take off. Yeah, Yeah. They went to space with that. They had a total one exactly, you know it well and then they had these big, big huge tapes and they would just, they would use that. So I find that interesting. So just remember that a cd is secondary storage and then tertiary would be something magnetic tape. Just think something old that is long term storage. Then this one didn't go too well. So this one you got, I think here you put operating system, which you got reoperating system. The operating system is run on firmware, which is run on the cpu. Let's check in software vise services. The computer requires an example is utility software. So this would be application. So do you know the difference between some of these words? Because they're just definition, really definitions. Application is just things you can download that is not required but to improve functionality. Yeah, exactly. I'm trying to wonder if I didn't think the king system is an interface for the user to interact more efficiently. The computer. What else I did? I'm just making sure that I'm not feeding your wrong information. Yes. So I wasn't feeling eding you the wrong information. This is system, not your system software, and this is application channel. There you go. And this is hardware. So this is not very intuitive, but basically these are the definition tions. So system software provides the services that the computer requires. So like when you see the word utility software. Think like like File Explorer Yeah and then that would be system. So you got that. You were just telling it to me right now and you were you got that right? So just think about that for next one system software. But I think you've got it now. Application software is things like Minecraft. I forgot maybe I asked you this question already. I asked my students often, do you guys, do you still play Minecraft? Is that still a thing? I mean, I do. I mean, I do Redstone and also pvp. You do Redstone? Oh, no way. Yeah, I used to do. I used to do Redstone too, like flip flops, teflip flops, right? Yeah, tried to learn it. I built my own cca and then that's it. You create your own cp. That is wild. Yeah, no, I remember Yeah I remember trying to do my three by three doors. It's easier now with the slime blocks. Before it was tough anyway, that's even used now though. Yeah it's not even used slime blocks. No, not for the two bmaybe, not for two bite. Oh man. No. Yeah, I used to double pissing extended. Well, anyway, Yeah. Okay. So you still play Minecraft? Yeah. So Minecraft would be an app, right? But I guess an app you can use on the computer operating system. So if you see the word firmware and you're like, and they're asking for what's run on the firmware, it's always gonna to be the os, even though it's not, but it's gonna to be the os. They're dlying to you, but that's what they want. The os, which is the operating system and firmware is run on hardware, obviously. So you've got the way they layer it is you have at the bottom, you've got hardware that makes sense, right? It's wires, it's electricity, it's cables. Then you've got firmware. And the way to see firmware is do you remember when I was talking about the wrong Yeah and I was saying that there's like, Oh, the the the booup mechanism is on the wrong m, if that makes sense. The read only memory Yeah that that boot up software, that boot up algorithm on the rom is run on the firmware. So that might be like your bios, for example, right? Yeah. Have you seen the bios before in a computer? No so basically what that is, it's a boot up b so if ever you hold like if you hold f twelve, you should it's f twelve f twelve on a new boot like your computer, maybe you can try it next time you do that. Okay, that's Oh Yeah then that's vokay nice, right? Yeah. So so so your bios is running on stuff from the ram and that is running on the firmware because the bios is created by like literally created by the people who sell you the the the computer. Yes, Yeah. Cpu, sorry, exactly. So you can you can access the bios there and that's memory from the ram and boot it on there, and that's the firmware basically. And then the operating system is run on top of that. So the os is booted by the firmware. So if ever you've installed Linux on your computer, you'll have done a thing where you're like, Oh, this is my boots configuration. And then you put like you put Linux and like windows and you've got like a configuration and that your firmware boots your os, or what it does basically is it loads the load packages on your ram and then the boos takes it from there. And then applications are run on the os and system basically is run also on the os, but it's kind of on a playing field underneath application. So you've got application. You've got application and you've got system. In Linux, it's we call that the kernel, which you know this is a very simplified representation of the kernel, but we call that the system, the kernel. And then you've got the os, then you've got the firmware here. So that would be the bios, the wrong loaded stuff. And then you go the hardware firwhere are it can also be, for example, like a driver. So for example, for a GPU, you might sometimes you need a driver or for your like for your microphone. So basically it's just a way for your hardware to interact with your software on the os. Cool. Another thing was here. Describe a boot force attack. Eight A. I don't know. I don't think you got something. Let me check again. We did it and we did together. Yeah but I think there's something else. There's eight C. I think that we that we didn't get quite right. Let me check. Yeah, it's it's sy, I think we we got that one wrong. Yeah. So two security questions that could help. So here youhave two factor. Select phone Yeah so you know when when you sign it to Google and say, Oh, click on the right number and it shows you like 49 or something and you have to click 49 on your phone Yeah so you've got that one. And then another big brute force kind of measure is you can say something dumb like dumb, but you can say something like fingerprint, right? Or like biometric data. Biometric data. Data like that. So like two factor authorization, fingerprint, biometric data. And if you want some more stuff you can make like use one of your things were more like Oh, longer password, but they're looking for like complex instead of longer. That's the keyword. Complex passwords. Let's not spend two hours on this. So a robot, what is a robot? Any ideas? Birthey're going back. Sorry, I think my Internet went, Oh, no, no, no worries, no worries. Whatever. You're back. Let me know where you can write it down. Just what to you as a robot? Without looking at this question, don't even look at it. What to you as a robot? Sorry. Like where to use a robot? No. What is a robot? Yeah. What is a robot to you? Like the definition of a robot. Something that can. They autommachinery automated machinery Yeah and anything else. That is programmable. Yeah it's a pretty good pretty good definition. I would agree with you. Unfortunately, that's wrong by cie standards. So Yeah, so that's that's not fun, but it just means that you need to memorize what their definition of a robot is. So for them, let's say let's add this here. Boom, maybe this wetext, this that's it's basically a here you go mechanical structure. And you've got to have the word mechanical window there slash mechanical structure and two basically that has electrical components with electrical components. So that's basically that. So here you could say something like has might have sensors or actuators, right? And that would be a valid answer here. So you do have to get these correct. It is necessary. And you might just have to learn these by heart because unfortunately they won't give you the points. Otherwise, if they give you like, Oh, what's the advantage of using a robot? You can basically say something like, Oh, more, why is it. You can see something like more strength does not get tired, does not get tired, right? And then you can say something else like, Oh. Two can do mundane. Indefinitely. So that's kind of what what did it's and then give one disadvantage to computers for using using robots to manufacture large pieces of furniture. Well, here, you know it's expensive to set up. You need skill. So expensive is always a good thing for robot long setup time. These these will basically get done and then if malfunction. No production and just make sure you look always at the context. This is about a company that produces furniture. So add that in there, say no furniture, right? So no, nothing. Quality could be one. I think I heard you say quality like quality could could be definitely something for sure. But Yeah, once you say these things, it basically that's where you get your points. Okay. And now here a student uses the Internet for the schoolwork to research what is meant by forming. So what do you know about cybersecurity? What do you know? Like I'm just going to pull out your syllabus here on the left trying to teach you whatever is in the syllabus and just let me know what you know what you don't know about about just cybersecurity in general. So the attacking methods of attacking a server or encryption and methods of preventing attacks or stopping them, that's all. If I ask you what's DDoS. It's the overloading of a server by sending. It's not overloading but cramming the server with useless information. Exactly what's a dos? What's the difference between a dos and a DDoS? I forgot. So basically, ddothis was popular. In fact, when I was learning about cybersecurity dos, do you remember what that stands for? I think you you said what what it is, but I don't know if you said what it stands for. No, I, no, no problem at all. It, Stanford distributed denial of service. Oh, my God, this was, this was going to be smarter than I thought it was going to be, but not distributed denial of service. Basically what is the DDoS? Let's say I hate I hate Google or maybe Yeah, I hate Google. Google sucks. I want to take them down. You already know what I'm gonna to say, I think, but I'm just gonna to give you an actual demonstration of of how that works. So I hate Google. I want them to go down. I want them to lose millions because they fired me for my job, whatever. Basically when you have a server like this, it's kind of it's connected to a, to a router or a server, right? So this is the Google dot com. This is their domain. And then all the requests from the domain are routed to the server. And so you might have client a, client b, client c, and they all hit the server here. By the way, let me know if there's any connection problems because it says that the network is unstable. Is everything okay? Okay, can you hear me? Well Yeah it's a bit lagy but now I think it's pretty good. Okay, just just interrupt me if it's laggy and I'll switch to my data. I have my phone on me, I'm in a hotel right now so I'm kind of hoping that their prinnet is good but but if it starts sucking then let me know and I'm gonna I'll switch to my data. Okay I want you to get the most out of this. Yeah, cool. So they all send requests and these requests, so I'm going to go into a bit more detail just because I find it interesting. But these requests kind of have usually something like an http get. So do you remember what the http protocol is? The. Internet service protocol pretty close. It is on the Internet. Atp protocol is the hypertext transfer protocol, right? Thanks. Transfer. Do you know what it's used for? It's for an encryption. No, it's for websites. So if I say get, I would share my screen and I show you a practical example, but I can't. If I say get wwwdot Google com, it sends a get request on http. And basically what that does is it gets back some html and some css. You know what those are? Yeah. So when you go to Google, when you go on your browser and you say, wwwww dot Google dot com, it sends a request to the server and the server replies. And that's a get request here. And you can send a lot of data with a get request. Of course, here you just want na get Google dot com. The server replies. The server replies. And these people are served their Google results. Everyone is happy. But with a DDoS, Oh, your camera went out. Hello. Back all right I've activated my data I'm going to activate my data if it fails again, I've got my data ready to go so I'm just gonna to activate it if it goes down again. Okay and that way, Yeah so in a DDoS what you do is I will if I have a lot of money I'm going to buy a lot of computers and I'm just gonna to hit Google dot com. So Google here, Google and I'm going to get a lot of bots red bot one, bot two, bot three, bot four, bot five, and they're all gonna to hit to Google at the same time. Yeah and then Google will be like, Oh my God, I'm having a heart attack and it's going to collapse. It's going to basically fail and struggle locks. But even cooler what people do is they hijack computers. So if you go Google. What people do is they have a virus called a rat. A root is called a root access toolkit. And you use this rats, and you basically put in a bunch of people's computers and youthink, Oh, we probably don't have this now with windows being so secure and blah, blah, blah, blah, blah, blah. But actually, they're more common than you think. A lot of computers are hijacked and send a lot of requests, and they basically send a requests. And all those hijked computers, right? They're the same as if you bought a bunch of computers. They're just like zombies and they're from all around the world. So they're much harder to detect, and they all attack a service at the same time like that. And so the service goes down. And that's why it's called distributed. Because it's called distributed because there's lots of computers. So what would you think is then? So the difference between DDoS, we just said distributed denial service versus dos. What's the difference between the two? So maybe one is using many computers or, and one is just one. Exactly. Exactly. And usually what this does, a dos, a denial of service, it's only one computer. And what they do is they send malformed packets, malformed packets. They send a bunch of, like fucking a loop. Exactly. They they send a bunch, they send it in a loop. They send a bunch of of gibberish. They send a bunch of nonsense, right, and or like fake data, and then Google gets it and they're like, what is this right? And if the person is smart, then they designed it in a way that makes their servers completely have an aneurysm and nobody has Google anymore. So that's DDoS versus dos. So let's talk about fishing, farming, things like this. Do you know what fishing is? No have you ever received a scam call? Yeah, that's fishing. Okay. Yeah man. So basically, if ever you receive a scam call, what it's doing is it's fishing for your details, it's fishing for for what you want, but it's not very advanced, right? You can see what a what a scam call is almost immediately. I mean, I hope you can see it's a scam almost. I mean, can you can you tell it's a Yeah, Yeah, Yeah that so farming is a lot more. It's basically a lot more involved. Let me just get the cie definition for you. It's basically a way to kind of fine tune and really try to convince you. So a good way to do that is, for example, let's say I'm trying to steal bank account details or let's try something Yeah bank account details. So you might get an email from your bank. You have nice email. And it's your bank and it says, Oh, change password. And here's the thing, right? So you then you click on the link and it's basically a fake website. And so for example, if your bank is jp Morgan, I don't know if you know that bank itbe something like, Oh, let's let's say it's your Minecraft account, right? Then instead of being www dot Minecraft com, it might be Minecraft like this, the tnf inverted and then theyuse that to still your details. And they do that on a large scale. That's why they're farming, because they're sending that to lots of people and collecting other data. And so you would think that you know who would fall for this, but it's really easy. It's really easy to fall for this. Actually, when I was working at a one of the firms, we did a big test, a firmwide test. Every year, every single year we did a test and we tried to see, you know, are people gonna to fall for this, right, to our employees? So wesend a big email to our employees and you know, youthink, maybe one or two people out of 40, zero would fall for it, right, that they wouldn't click and change their password on a dodgy website. And it's ridiculous. But like something crazy, like 10% of people out of 40000 people, 4000 of them, you know, deliberately clicked on the farming email, went through all the steps of the dodgy website and then and clicked all this stuff and and and and fail the test. And so it works really well. And what what people have done. So for example, Minecraft has bought this domain, Minecraft com, right? Or like if your bank is, I don't know what what banks do you know? Do you know any good banks? No, no. Hsbc. Have you heard of them? Maybe? Yeah, right. Well, then they've they've bought hscb rights to to try and and get to try and make sure nobody gets scammed because they lose they lose literally millions of euros doing this. It's it's kind of it's kind of crazy. And so here they're asking you for a nice diagram. And so I'd like you to give a shot with what I've explained about farming so far. Try to draw a diagram, try to get these four points here. I know we didn't do it last time because they didn't have the knowledge. And I know it might be flaky today, but give it a shot. See if you can draw a diagram of a farming or what you think is farming. How would they draw the princess exactly? Creativity, oversize. Good luck. I'm joking, but try and do your best and really try to say think about what I said and try to implement it in a graph, even though it's it's not so obvious. I agree with you. Not a graph, but a drawing or something. So multiple diagrams though, because it's a process, right? Yeah, that's Yeah you can do that. You know it doesn't have to be just like one thing. It can be like a flow chart or like a arrows pointing to different stages of the process. Yeah you can be creative. It's our it's the rc parts of the computer science degree. Let me give you authorization. Yeah, I just realized I did not give you authorization. Here you go. I don't know how to draw though. Like I can write, but I don't know how to draw it. I'm sure you can do it. Give it a shot, anything. How does it want me to try it? Like what's the Marks came or anything? I have literally the mark scheme next to me. But if I show it to you, ittake out the the creative aspects. So that's why that's that's why I'm not showing you or giving you any ideas, because I generally can't think of a way to like accurately try it. The process of farming, think about the steps involved. Like if you were to do a PowerPoint presentation of what is farming to like I don't know your your your parents or or your classmates, then think about how youstructure that and then maybe use that to create a diagram, a drawing or a diagram. It's just pure pure diagrams. Yeah, Yeah, pure diagrams. You can use pure diagrams. You don't have to draw a person if you don't want to or like a hand or something. No, I just don't know how to draw it. Can you show me the mark scheme, please? You were starting off good. You were starting off good, genuinely. No I think of a way to like present it. I think it's all of them are off by some way. Think about the process like okay, using your words, tell me what farming is. So it's encourages you to click on a it prompts you to click on something that leads to a similar but say similar wafake website that gets your that prompts you also to enter your personal details. Yeah exactly. To gain information Yeah so it's it's a way of getting you to click something to steal your information when you when you told that to me, do you visualize it in your head? Like can you imagine a guy going to a website and going to an email and then clicking it and then can you see that in your head? Yeah but it's just a it's odor tive so I can't find the right way to do that. Yeah, it's odd, but you know you can think of the steps, right? Like you basically set it email and then click on a website and then and then you're there. So try and put that into it. Not another drawing. But like if it's literally just boxes with text, that's also fine, right? Boxes with text works well, yes. You don't have to draw like. Gmail com Yeah, it's a bit it's a bit tough for an hour and a half exam, Yeah. It's just about that. So for fake url Yeah wwww fake dot com. And it's. Something like that. Yeah, that's pretty good. Here. So again, this is the first time you see a diagram question. So you're not gonna to get many Marks. Of course you're not. But you know I'm glad you were able to do it something like this. It's very good what you did here. You would get one mark for this here. Now the mark scheme says that there's a diagram in the marscheme, but the diagram, you know it's not it's kind of an example, but it basically all it has in the marscheme is a user clicks an opens attachment link that triggers download, which does not you don't need a download here, but here you've got a click. So that's a click enter a personal detail that brings you to a new website address and it's redirected to fake website. So in fact, actually I said one point, but this is two points because you've got your click here and then you've you've got your personal detail. The actual thing that they use is something like this is user clicks, right? And then. Malare malware basically basically meaning that too. Fake. Like you did. And here another box real and another thing like redirected. Wrongly. So that's the points one, two, three, four. Another thing they mention is that they say download. Downloads malware. Now I actually disagree with them here, but that's one of their points as well that they say they say basically, let's say you have a let's say you have a farming attack. Do you know how dns works on your computer? Ns the domain name service exactly yes it maps it to the. Integer code of the domain exactly. Yeah. So you are your dns. And here you've got Google, maybe Amazon, maybe Minecraft or whatever. And then this will be something like ten, two, three, one. And what dns poofing does is it downloads some software, right? And it basically reroutes it to a new ip run 96, two, three, 5.6. And basically it blocks the original and it gives you a fake ip. So even if you say www. Google dot com, and this is a correct url, then on your computer, wwwdot Google dot com points to their ip address, their fake ip address. And actually, this is why this is why it's so not recommended to go on public networks without a vpn, because without a vpn, you can do what's called dns spoofing without installing anything on your computer. You can basically redirect all of the requests in the server. So remember, you have a router inside the server. So you can say, if I come to my coffee shop and I connect to Google dot com, then that's querying the Google dot com of the restaurant or the coffee place. And if they give me a wrong dns address, I'm going to go to a random address somewhere and then it could look the same. But of course, it's not the same service because I'm connected to this other random thing. Yeah, exactly. And that's how a lot of people get their their details stolen in coffee shops and or they get hacked or whatever. Nowadays it's safer. But back in the 2010s, there was a lot of that going around. Any questions so far? No. All right. And what is a web browser, in your own words, an application that is used to. Well, get resources from the Internet to from a server to display it as you turn. User chat interface, yes, display user interface, good. And one thing is very imperative, rendering html. You know what html is? So I'm not going to go into it, but rendering html is important. It's basically the whole job of web browser rendering html slash css slash JavaScript. Whatever. Cookies. What are cookies? Client sites, what do you call that? Client. Clocal data that. That remembers previous user interactions with the website exactly. So how would you answer this this question? Give three other functions of the web browser. I know it has nothing to do with cookies, but give three other functions of the web browser apart from you know cookies or web browser, we'll the data from the Internet. Yeah getting data. Connecting to a local server. Unfortunately, ately not kind of no, no, I wouldn't work with that though. Yeah, because we've already kind of answered that. What else do you think you can do? This is a ridiculous question, by the way. I mean, but it's part of your exam, so we should not call it ridiculous. But Yeah. So any other ideas? Think about basic stuff, like basic stuff to interwith the website. Sorry, to interact with the website. Yeah but you've already said that here. So but that kind of works though maybe maybe I can reuse it here. No youhave to don't think it. So I'll give you an example allowing the use of multiple tabs. That's an example of the kind of answer they want on that. Just think of things on a parallel of that. There's a lot of answers. So that's why I'm kind of pushing you for some answers, but think on that level, right? I don't know what else open chrome or Firefox or whatever you use right now and tell me what you see. And then you can probably answer this question. A search bar. Yes, that's a yes, exactly. That's a point. Provides a search enyeah. And but but there you go. So that's a point, literally. Another thing. Allows you to upload to the Internet upload, but think more more than just upload something else. Download you can download so upload is not on there but you said by quodata from the Internet so that is Yeah just say Oh that's no, you're right. You're right. Yeah we maybe download wouldn't work here because you did say getting data from the Internet. I'll just give you some another one that you can do is literally bookmarks. You know you can bookmark websites user history, right? You can also have something like, so here I said search bar is good, but youwant to say more specifically, address bar, because you're not you're not searching. It's more of an address bar, but it's the same thing. So just make sure you say address bar in case you get that multiple tabs, user history, managing protocols. So digital certificate, that's more advanced, that's pretty good. Url to dns, that's one that you might remember. Url to dns and that's more advanced. So maybe theybe nicer to you. Don't think you're smarter if you say something like this, right? Url to dns is done by the web browser. Okay, let's do the last question and then I'll ask what you think and if you have anything you wanna cover, because I've just been talking to one big monologue, so I'm sorry about that. A student visits a website that has user session cookies instead of persistent cookies. Do you know what cookies are and what you just did? You answered that already to me. But do you know what's the difference between a session cookie and a persistent cookie? A session cookie only exists in this access, in this immediate access of this Internet, this web page, website, after it ends. It did what do call that? Expired deleted Yeah. No, I just forgot the term. I used to use it when it goes out of. And session cookie I forgot it actually like when an object gets out of something, gets destroyed or something. I forgot the term garbage collection. It's it's just expired is what the term I would use. Yeah, expired. Is there another word? Is that the right word? I'm not sure. No, it was some meaning. Like if an object gets gets out of the gets out of something, it gets destroyed. I forgot was it's called avoid ded avoided maybe no out of bounds Yeah sort of like that out of ways some I forgot though, but you got the session parts completely correct. What about the persistent cookie? It's downloaded as a client site a local data for the website to access exactly four points. Good job. So you're good on that and you're hopefully good on the rest. Okay. Any questions? What do you think? No, I think that was quite well. Explai think I understood all but nice. I'm glad I've not been asked to do another paper with you, thank God. But if I'm probably going to be asked to do another paper with you again, in that case, I hate to do it, but I'd have to to ask you to do it. If we do it again, it would basically be where you would fill it out on paper, on camera, in front of me. Yeah. So and then youhave to like scan them and send them over. So not gonna to happen this session or next session or even soon, but just be aware of that just in case he comes up next time because I was I was told off we're not not installing the document unfortunately. And so I just remembered the word dice wanted to say it was scope stop out of scope, it gets this stroyed. Yeah Yeah, you're a programmer. That's good. No, it's tough actually, because I I also struggled. Well, I mean, you're not struggling with this course at all, right? But but the thing with these papers is that they they simplify and dumb down quite quite complex topics. And when you know a lot about computer science, you it doesn't matter or add up some of these things. So I appreciate the difficulty there. I know I lost the first time I did my igcse and my a levels early for computer science, but I didn't get top Marks. I got a good grade, but I didn't get the top mark that I wanted just because I, you know, I didn't know like, Oh, the what cie wanted from me, right? I just knew the answers to these things, but not and I knew how to code and such, but I didn't know how to but Yeah, so this is why it's important, really, really, really important even though you know and I know that you know these things, it's really important that you understand how cie wants them from you. That's actually the most important. Yeah, absolutely. I would have to look through the Marks scheme to point what they want and how to answer that exactly. And once you've got that down to T, I mean, then you can really start just hammering these papers. I mean, you could be scoring close to top Marks on these right? In less than an hour you did almost the whole thing and you got 80%. So it's really impressive. So Yeah, anyway, is there anything else you want to cover today? Any questions you have related to some personal projects perhaps? I mean, I could show you the projects right now, but I don't know I don't know how many characters this allows for, but I'm gonna to paste my main file which go for it and try gain the hpp windows mesh debug. All right, let's have a look at this. This is using gl. Yeah, it's just a rendering api that I built myself just three years maybe. Still quite configured for debug cluthough. There's the occasional standard scene. Don't good this reading through the code shais the gl object, gl player, gl window, everything. It's just the helper classes that I've written, okay? Some impressive code. Thank you. You've got your little zoom zoom. I should be able to sort of improve the, I should be able to optimize it to make it run faster. But I don't know how though or especially for the zoom part, the zoom part, it's it's not you're saying it's not it's not optimized. I think it's not that optimized. I think it could be better. What's the why optimize? You mean the frame rate is low or something like this? No, I just, no, I just think I don't want it in the main file. Oh Yeah, Yeah. Don't want that big chunk of code in the main file. This one here at the if window, get cursor. I mean, you could create a, this is what I do. I create a culike command handling function. Have you heard of the, maybe appreciate this. Have you heard of the states, the state model? Have you heard of the state model? No, this is what I use. This revolutionized my game theory. I mean, basically what it does is let's say what I do is is kind of object oriented programming. But I mean this sorry, I'm going off your code. Do you have any questions about the code just now? No, no, no, no. It's just some good couploaded. It took it yesterday. Oh, nice, nice. Yeah. Don't hesitate in the in the chat to send me your git profile and I can always check something out, right? Yeah but basically what what I what I learned about the state model is is pretty cool. What you do is you create A A game item so a game item and it's like a loader. And what I do and this is this is popular as well, you can rule this is I have different like scenarios so I different states so I have like states game state menu. Right and like maybe inside of state game I'll have like world one, right, world two but this could be really anything. This could be like, I don't know. Yeah, Yeah, it could be anything, right? It's like it could literally be anything inside of a game and then menu would basically be like, Oh, maybe it's this would be like actually like main menu, like main menu Yeah or settings. And and what I do is so these what I do is I create this joint state here, and that way I kind of have these blocks. And so I'm going to mention why. So I'm going to tell you in a second why that's important. But let's say I've got my game loop here. Right it's running through my game and usually you've got an update method, update the worlcomponents and then render. Yeah, I just I plug in the state inside the Green loop. So I know this is very abstract, but I'm theoretical, but maybe I'll send you a video on on the chat so you can see where what it is and I plug it into the game loop and then basically it's running all these things. And why why do I why do I even mention this? Because you can create a game controller. Right. That's that says its own object or its own like a parent class. Remember, you got the parent and the child d's classes and everything. And you can have one for like menus, for example, menus or you can have one, for example, for like a game. And the state is a singluton that allows you to basically do all that. It's a class. It's a class that allows you to do it's Yeah Sington exactly. It's a parenclass and you can load it in. I've I've never done it in C++. I'm absolutely sure you can do it. But basically imagine it almost exactly as a parent class. And it's got the upand render functions, but it takes in as like a parameter, a certain game controller. So for example, you don't want to have this code here, right? You've got this big block of code that's like, Oh Yeah, if curser called back, blah, blah, blah, blah, blah. Blawhat you can do is you can create your new controller. I'm I'm drawing at the top, by the way. Yeah, I'm I create this new controller as an input. I put in the the window, right? Because then you can get the cursor callback, right? And then in this controller, then I'll have two and these will literally be two new files where I might have, for example, menu controller, I might have game, right? And that way you separate out all your code. You don't have to think about you know having a big if statement in the middle of your of your main loop and you just load in your game controller for the menu. And if you're on the menu state, and it's done automatically because obviously the menu controller will be in the menu state and the game controller if fits on the game state. Do you have any questions? We only have one minute, so shoot, if you have any. No, I just want to hear how you kind of do it. Does that does that help you at all? Here, let me state picture c principles. I just thought of a way to like kind of make it a bit cleaner. I could write to it foostatement, you could write about sir switch statement there. Yeah, you you could also write a switch switch statement. I mean, your code is great. Absolutely great. This is a small YouTube channel I just found. Like I literally just googled this, but it's I have not watched it, so I don't know if it's good but where they explain ined, the state model helps you research, but give it a look. The state model changed my whole game development journey was great. So if you have time, look into it and maybe I can explain the next session to be honest. Thank you, sir. All right, Henry, we have have a great week. Okay. Yeah, thank you. Bye bye. Let's see you.
处理时间: 29021 秒 | 字符数: 39,509
AI分析
完成
分析结果 (可编辑,支持美化与着色)
{
"header_icon": "fas fa-crown",
"course_title_en": "Language Course Summary",
"course_title_cn": "语言课程总结",
"course_subtitle_en": "1v1 CS Review Lesson - Security & Web Concepts",
"course_subtitle_cn": "1v1 计算机科学复习课 - 安全与网络概念",
"course_name_en": "CS Review Lesson",
"course_name_cn": "计算机科学复习课",
"course_topic_en": "Review of Test Questions: Storage, Software Layers, Cybersecurity (DDoS, Phishing\/Farming, DNS Spoofing), Web Browser Functions, Cookies",
"course_topic_cn": "复习测试题:存储、软件分层、网络安全(DDoS、钓鱼\/欺骗、DNS 欺骗)、网页浏览器功能、Cookie",
"course_date_en": "N\/A (Based on conversation context)",
"course_date_cn": "未明确说明(根据对话判断)",
"student_name": "Henry",
"teaching_focus_en": "Reviewing incorrect answers from a recent test, focusing on computer storage types, software architecture layering, key cybersecurity definitions (DDoS vs DoS, Phishing\/Farming, DNS Spoofing), and fundamental web concepts (Browser functions, Cookies). Also introduced advanced OOP concept (State Model) in relation to student's personal project.",
"teaching_focus_cn": "复习最近一次测试中错误的题目,重点关注计算机存储类型、软件架构分层、关键网络安全定义(DDoS vs DoS、网络钓鱼\/欺骗、DNS 欺骗)以及基本网络概念(浏览器功能、Cookie)。同时,针对学生的个人项目引入了更高级的面向对象编程概念(状态模式)。",
"teaching_objectives": [
{
"en": "Review and correct conceptual misunderstandings from the previous test.",
"cn": "复习并纠正学生在上次测试中存在的概念性误解。"
},
{
"en": "Ensure solid understanding of storage hierarchy (Primary, Secondary, Tertiary) and software layer definitions.",
"cn": "确保学生对存储层级(主、辅、第三级)和软件分层定义的扎实理解。"
},
{
"en": "Define and differentiate key cybersecurity terms like DDoS, DoS, Phishing, Farming, and DNS Spoofing.",
"cn": "定义并区分关键网络安全术语,如 DDoS、DoS、网络钓鱼、欺骗和 DNS 欺骗。"
},
{
"en": "Provide feedback on a specific diagram question regarding Phishing\/Farming.",
"cn": "对关于网络钓鱼\/欺骗的特定图表题提供反馈。"
}
],
"timeline_activities": [
{
"time": "Start",
"title_en": "Test Review & Goal Setting",
"title_cn": "测试回顾与目标设定",
"description_en": "Brief check-in about the week and agreement to review specific test questions first.",
"description_cn": "简短问候,确认本周情况,并同意首先回顾特定的测试题目。"
},
{
"time": "Early Session",
"title_en": "Storage & Software Layer Review",
"title_cn": "存储与软件层回顾",
"description_en": "Reviewing errors related to storage types (CD as secondary) and the hierarchy of hardware, firmware, OS, system software, and application software.",
"description_cn": "复习与存储类型(CD 作为二级存储)和硬件、固件、操作系统、系统软件和应用软件分层相关的错误。"
},
{
"time": "Mid Session",
"title_en": "Cybersecurity Deep Dive (DDoS, Phishing, DNS)",
"title_cn": "网络安全深入讲解(DDoS、网络钓鱼、DNS 欺骗)",
"description_en": "Detailed explanation of DDoS vs DoS, Phishing vs Farming (including a discussion on CI\/CE expectations for the diagram question), and DNS Spoofing.",
"description_cn": "详细解释 DDoS 与 DoS、网络钓鱼与欺骗的区别(包括对 CI\/CE 关于图表题的期望讨论),以及 DNS 欺骗。"
},
{
"time": "Late Session",
"title_en": "Web Concepts Review & Advanced Topic Introduction",
"title_cn": "网络概念复习与高级主题介绍",
"description_en": "Reviewing web browser functions, cookies (session vs persistent), and teacher shared his personal OpenGL rendering code, leading to a discussion of the State Model design pattern.",
"description_cn": "复习网页浏览器功能、Cookie(会话与持久性),教师分享了自己的 OpenGL 渲染代码,并引出了对状态模式设计模式的讨论。"
},
{
"time": "End",
"title_en": "Wrap-up and Future Planning",
"title_cn": "总结和后续计划",
"description_en": "Concluding the session, emphasizing the need to align answers with exam board expectations (CI\/CE).",
"description_cn": "课程结束,强调了使答案与考试机构(CI\/CE)期望保持一致的重要性。"
}
],
"vocabulary_en": "Hard disk drive (HDD), SSD, CD (Compact Disk), Firmware, BIOS, ROM, Kernel, Application, Utility Software, Brute Force, Two-Factor Authorization (2FA), Biometric Data, Robot, Actuators, Sensors, DDoS (Distributed Denial of Service), DoS (Denial of Service), HTTP (Hypertext Transfer Protocol), HTML, CSS, RAT (Remote Access Toolkit), Phishing, Farming, DNS (Domain Name System), DNS Spoofing, Web Browser, Cookies (Session\/Persistent), State Model, Singleton.",
"vocabulary_cn": "硬盘驱动器 (HDD), 固态硬盘 (SSD), 光盘 (CD), 固件, 基本输入输出系统 (BIOS), 只读存储器 (ROM), 内核, 应用软件, 实用工具软件, 暴力破解, 双因素认证 (2FA), 生物识别数据, 机器人, 执行器, 传感器, 分布式拒绝服务 (DDoS), 拒绝服务 (DoS), 超文本传输协议 (HTTP), HTML, CSS, 远程访问工具包 (RAT), 网络钓鱼, 欺骗, 域名系统 (DNS), DNS 欺骗, 网页浏览器, Cookie(会话\/持久性), 状态模式, 单例模式。",
"concepts_en": "Storage Hierarchy (Primary\/Secondary\/Tertiary), Software Layers (Hardware -> Firmware -> OS -> System\/App), DDoS vs DoS, Phishing vs Farming (social engineering tactics), DNS Resolution Mapping, Web Browser Core Functions, Cookie Lifecycles, State Model Pattern (for code organization).",
"concepts_cn": "存储层级(主\/辅\/第三级)、软件分层结构(硬件 -> 固件 -> OS -> 系统\/应用)、DDoS 与 DoS 的区别、网络钓鱼与欺骗(社会工程学策略)、DNS 解析映射、网页浏览器核心功能、Cookie 生命周期、状态模式(用于代码组织)。",
"skills_practiced_en": "Conceptual recall and definition application (test review), Differentiation of related technical terms, Explanation of complex processes (DDoS mechanism), Application of learned concepts to visual diagramming (Phishing\/Farming), Discussion of programming design patterns (State Model).",
"skills_practiced_cn": "概念回忆与定义应用(测试复习)、相关技术术语的区分、复杂过程的解释(DDoS 机制)、将所学概念应用于可视化图表绘制(网络钓鱼\/欺骗)、讨论编程设计模式(状态模式)。",
"teaching_resources": [
{
"en": "Previous test paper content (specifically security and storage questions).",
"cn": "之前的测试试卷内容(特别是安全和存储问题)。"
},
{
"en": "Teacher's notes\/Mark scheme for Phishing\/Farming diagram question.",
"cn": "教师关于网络钓鱼\/欺骗图表题的笔记\/评分标准。"
},
{
"en": "Student's C++ OpenGL rendering code snippet.",
"cn": "学生提供的 C++ OpenGL 渲染代码片段。"
}
],
"participation_assessment": [
{
"en": "Henry actively engaged throughout the review, especially when discussing his personal projects and coding interests.",
"cn": "Henry 在整个复习过程中积极参与,尤其是在讨论他的个人项目和编程兴趣时。"
},
{
"en": "Participation level was high, despite some initial hesitation regarding abstract drawing tasks.",
"cn": "尽管对抽象绘图任务最初有些犹豫,但参与度很高。"
}
],
"comprehension_assessment": [
{
"en": "Strong grasp of the software layering concept, especially when prompted with real-world examples (e.g., BIOS on firmware).",
"cn": "对软件分层概念的掌握很强,尤其是在被提示使用现实世界的例子时(例如 BIOS 运行在固件上)。"
},
{
"en": "Initial confusion between DoS and DDoS was quickly resolved with clear examples.",
"cn": "DoS 和 DDoS 之间的初始混淆通过清晰的示例很快得到解决。"
},
{
"en": "Conceptual understanding of Phishing\/Farming was good, but visualization for the formal diagram proved difficult.",
"cn": "对网络钓鱼\/欺骗的概念理解良好,但正式图表的视觉化表现有难度。"
}
],
"oral_assessment": [
{
"en": "Student speaks fluently but sometimes relies on simple terms ('expired' instead of 'out of scope' for cookies).",
"cn": "学生口语流利,但有时依赖简单术语(如 Cookie 用 'expired' 而非 'out of scope')。"
},
{
"en": "Demonstrates good recall when prompted with specific terms (e.g., defining DDoS components).",
"cn": "在被提示特定术语时,展现出良好的记忆力(例如定义 DDoS 的组成部分)。"
}
],
"written_assessment_en": "Student's performance on the reviewed test sections showed systematic errors related to exam board specification rather than fundamental lack of knowledge. Successfully defined most complex terms when verbally prompted.",
"written_assessment_cn": "学生在复习的测试部分表现出与考试机构规范相关的系统性错误,而非基本知识的缺乏。在口头提示下,成功定义了大多数复杂术语。",
"student_strengths": [
{
"en": "Strong interest and knowledge in practical programming (sharing OpenGL code and discussing optimization).",
"cn": "对实际编程有浓厚兴趣和知识储备(分享了 OpenGL 代码并讨论了优化)。"
},
{
"en": "Quickly understands layered\/hierarchical concepts when explained clearly (e.g., hardware layers, cookie scope).",
"cn": "当概念解释清晰时,能快速理解分层\/层次结构(例如硬件层级、Cookie 范围)。"
},
{
"en": "Good recall of high-level cybersecurity concepts after brief review.",
"cn": "经过简短复习后,对高层次网络安全概念记忆良好。"
}
],
"improvement_areas": [
{
"en": "Memorizing specific, rigid definitions required by the exam board (e.g., the exact definition of a 'Robot').",
"cn": "需要记忆考试机构要求的具体、严格的定义(例如'机器人'的确切定义)。"
},
{
"en": "Translating conceptual understanding into formal, structured diagrammatic representations required for written exams (Phishing\/Farming process).",
"cn": "将概念理解转化为书面考试要求的正式、结构化的图表表示(网络钓鱼\/欺骗过程)。"
},
{
"en": "Differentiating between similar technical terms based on precise context (e.g., DoS vs DDoS sources).",
"cn": "根据精确的上下文区分相似的技术术语(例如 DoS 与 DDoS 的来源)。"
}
],
"teaching_effectiveness": [
{
"en": "The review approach, focusing on past errors, was highly effective in targeting weaknesses.",
"cn": "针对以往错误的复习方法,在靶向弱点方面非常有效。"
},
{
"en": "The teacher successfully integrated student's personal interests (coding) to explain abstract CS theory (State Model).",
"cn": "教师成功地将学生的个人兴趣(编码)融入到抽象的计算机科学理论(状态模式)的解释中。"
},
{
"en": "Explanations were detailed and used analogies effectively, though sometimes lengthy.",
"cn": "解释详细且有效地使用了类比,尽管有时篇幅较长。"
}
],
"pace_management": [
{
"en": "The pace was generally appropriate for a review session, allowing deep dives into security topics.",
"cn": "节奏总体适合复习课程,允许深入探讨安全主题。"
},
{
"en": "Minor network instability required brief pauses, but the teacher managed transitions well.",
"cn": "轻微的网络不稳定导致了短暂的停顿,但教师很好地管理了过渡。"
}
],
"classroom_atmosphere_en": "Collaborative and encouraging. The teacher showed great appreciation for the student's advanced programming work, creating a positive learning environment.",
"classroom_atmosphere_cn": "协作和鼓励性强。教师对学生的高级编程工作表示赞赏,营造了积极的学习环境。",
"objective_achievement": [
{
"en": "Conceptual misunderstandings were addressed effectively by reviewing test items.",
"cn": "通过回顾测试项目,有效地解决了概念上的误解。"
},
{
"en": "Key definitions in security and storage were reinforced, although the diagram skill remains an area for practice.",
"cn": "安全和存储的关键定义得到了加强,尽管图表绘制技能仍有待练习。"
}
],
"teaching_strengths": {
"identified_strengths": [
{
"en": "Ability to link syllabus content directly to student's current knowledge and projects.",
"cn": "能够将教学大纲内容直接与学生当前知识和项目联系起来的能力。"
},
{
"en": "Patience and thoroughness when explaining abstract or bureaucratic exam requirements (CI\/CE wording).",
"cn": "在解释抽象或应试要求(CI\/CE 措辞)时表现出耐心和彻底性。"
}
],
"effective_methods": [
{
"en": "Using the 'I don't know' moments to introduce advanced\/related concepts (e.g., State Model from code sharing).",
"cn": "利用“我不知道”的时刻引入更高级\/相关概念(例如,通过代码分享引入状态模式)。"
},
{
"en": "Breaking down complex terms like DDoS into step-by-step mechanisms using clear analogies (e.g., attacking Google).",
"cn": "通过清晰的类比(例如攻击 Google)将复杂的术语(如 DDoS)分解为分步机制。"
}
],
"positive_feedback": [
{
"en": "Praise for the student's high score (80%) despite the difficulty and comprehensive nature of the test.",
"cn": "表扬学生在困难且全面的测试中取得了高分(80%)。"
},
{
"en": "Positive reinforcement regarding the student's ability to articulate complex definitions verbally.",
"cn": "对学生能够口头清晰阐述复杂定义的积极肯定。"
}
]
},
"specific_suggestions": [
{
"icon": "fas fa-book-reader",
"category_en": "Exam Technique & Definition Recall",
"category_cn": "考试技巧与定义记忆",
"suggestions": [
{
"en": "For high-stakes exams, create flashcards for official definitions (e.g., 'Robot') to align exactly with CI\/CE mark schemes.",
"cn": "对于高风险考试,创建官方定义的抽认卡(例如“机器人”),以精确匹配 CI\/CE 评分标准。"
},
{
"en": "Practice diagramming processes (like Farming) by focusing on sequential boxes and arrows, ignoring complex drawing elements.",
"cn": "练习流程图绘制(如网络欺骗),重点关注顺序方框和箭头,忽略复杂的绘画元素。"
}
]
},
{
"icon": "fas fa-code",
"category_en": "Programming & Software Design",
"category_cn": "编程与软件设计",
"suggestions": [
{
"en": "Research the 'State Model' design pattern in more depth, especially how it uses parent classes\/singletons to manage game loops and input handling.",
"cn": "深入研究“状态模式”设计模式,特别是它如何使用父类\/单例来管理游戏循环和输入处理。"
},
{
"en": "Explore refactoring the current OpenGL code to separate the input handling logic into dedicated controller classes as discussed.",
"cn": "尝试重构当前的 OpenGL 代码,将输入处理逻辑分离到讨论中提到的专用控制器类中。"
}
]
}
],
"next_focus": [
{
"en": "Further practice on diagram-based application questions common in the syllabus.",
"cn": "进一步练习考试大纲中常见基于图表的应用题。"
},
{
"en": "Reviewing how to apply advanced design patterns (like the State Model) in object-oriented C++ for upcoming projects.",
"cn": "复习如何在面向对象的 C++ 中应用高级设计模式(如状态模式)以应对未来的项目。"
}
],
"homework_resources": [
{
"en": "Review the specific CI\/CE mark scheme points for the Phishing\/Farming diagram question to understand required keywords\/steps.",
"cn": "复习网络钓鱼\/欺骗图表题的 CI\/CE 具体评分标准要点,以了解所需的关键词\/步骤。"
},
{
"en": "Watch the suggested YouTube video on the State Model to solidify theoretical understanding.",
"cn": "观看关于状态模式的推荐 YouTube 视频,以巩固理论理解。"
}
]
}