Hi all, Marks for all components have been released, and should be available in csmarks. I've had some technical difficulties uploading detailed breakdowns of project results, but hope to have them on Moodle either today or by Monday COB at the latest....

Hi all, Just some hopefully useful information about the exam tomorrow The University recommends you arrive for any exam at least 15 minutes before the start time. That's especially important for lab-based exams, since you need to make sure you're l...

Hi Joel, Unfortunately not - though I'd love to have project marks and feedback available before the exam, I'm constrained by the marking resources available to me. Cheers Arran

Hi, The exam won't have any questions requiring you to use a compiler or IDE (unlike the quiz and mid-semester test, which were open-book, and encouraged you to make use of a compiler or IDE, and did have questions where information about e.g. data ...

Yes, if you check the Moodle server, the week 4 quiz feedback is available now. You should copy and paste anything particularly important you want from it, though, since the quiz won't be accessible during the exam, nor during "clash" exam sessions be...

Hi, There wasn't sufficient time to cover them in detail, so no, those slides won't be examinable. IPC concepts have come up a few times in relation to other topics, though, so it wouldn't hurt to look through the slides anyway. The Goodrich and Tama...

ANONYMOUS wrote Just "Arran" is fine. I don't believe I'm in any danger of receiving a knighthood. I've added them to the "Resources" web page. As a tip the whole time this semester, you could've looked at solutions for any lab you wanted by viewing t...

Hi all, I just noticed the "Exam venue" link in the LMS wasn't visible to students. My apologies - I've made it visible. Cheers Arran

Hi, You can put anything you like in your notes. That said, there's usually not much time in an exam to look through and use written materials - so instead of planning to make use of notes or lab sheets in the exam, it's often a better idea to try and...

Hi, Sure, just email me - you're correct, the late submissions area isn't open by default. (If I make it open by default, Moodle starts warning all the people with on-time submissions that they have an assessment due.) Cheers Arran

Hi, The cli function is expected to print output to stdout and stderr, so printing to those file-streams won't interfere with the marking scripts. The marking scripts capture your function's output by creating in-memory "files" using memfd create(...

Hi, Well, what do you think the difference is? A C textbook, or a man page, or the cppreference website might be good places to look for information. (I'll gently point you towards the "How do I ask a good question?" link at the top of the forum i...

Hi Shashwat, That's not what the Moodle logs say. They say that you were still using the testbed area up until 4 58 01 PM. At 4 59 55 PM, you opened the project submission area for the first time ever. And at 5 00 pm, having failed to make a submissi...

Hi Shashwat, The late submissions area should be open now. Cheers Arran

ANONYMOUS wrote My suggested process is - Make sure you have a Makefile for building your project. - Install bear sudo apt-get install bear . Clang analysers work best with a "compilation database" that tells them how your code is built (e.g. wher...

It's nearly always a good idea to include newlines at the end of output to stdout or stderr. Besides the fact that it makes the output more legible, output to a file stream is buffered - see here https www.gnu.org software libc manual html node B...

Yes, this has already been answered. ANONYMOUS wrote

Your question is already answered in the documentation for the Vigen re functions. Cheers Arran ANONYMOUS wrote

You are correct - that's an error in the specification, since it fails to state what you should do in such a case and is therefore incomplete. Well spotted ) You should indeed check that the Vigen re key meets the criteria for validity, and should ...

Answered off-forum. But in brief what we're writing in the project isn't really a program , but a library (admittedly a very small one) - a set of functions serving some common purpose. So as library maintainers, we can just declare caesar decry...

This student contacted me off-forum, so I won't make a full reply here, but briefly - Anything from the lectures is non-normative (https developer.mozilla.org en-US docs Glossary Non-normative) - it's the project spec you should be working off - Wh...

Hi, In C, the only way you can check if a string is null-terminated is if you know the size of the array that it's in. If you know the array is, say, N elements long, you can just write a loop bool is null terminated false; for(size t i 0; i...

Hi, The cli function is the only one you're required to write a Doxygen-processable documentation block for. API documentation is essential for any public-facing function, and cli is one of those. For helper functions even though these are intern...

This is already answered in the project specification. Removing. ANONYMOUS wrote

Hi Siya, No worries. Your mark (and the mark of anyone else who did that question) should now have been corrected, on both Moodle and csmarks. cheers Arran

Hi all, In tomorrow's lecture, I'll aim to finish discussion of any topics I didn't get a chance to cover fully in previous lectures. Other than that, it is an opportunity to ask questions about any topic you like related to the unit. So if there are q...

Hi Luke, That doesn't sound right. Where do you see that stipulation? Can you please give the relevant part of the project specification? Also, can you clarify, what do you mean by "the program"? The specification doesn't ask you to submit a "program"...

Hi Hugo. Well, where are you getting the requirement from that the Vigen re key shouldn't contain digits or characters outside the range? That might provide some clue as to how a violation needs to be handled. Cheers Arran

Hi, Those questions explicitly state that markers will use them for allocating marks. So no, I don't suggest removing those from the total score. Cheers Arran

Hi, No worries. To clarify just paste your implementations (including any documentation for cli ) into Moodle. As the header file itself says, it isn't to be submitted, so just include your documentation block for cli with the source. (It's common t...

Hi, I'm afraid you'll have to work this out for yourself, at this point. I regard ambiguities or contradictions in the spec as already having been clarified (https cits3007.github.io faq how-are-problems-with-the-project-specification-resolved 3F)...

Hi, Well, really it's up to you to apply your best understanding of appropriate software development principles, and decide this for yourself. But perhaps expand on your thinking here, a little bit - can you suggest reasons for or against calling cae...

Hi Siyu, Questions do get re-used from year to year (sometimes with minor changes), so I've had to hide your post. In this case, it looks like there was an error in the question I'll fix that, and adjust the marks of anyone who did that question. But ...

Hi, They don't need to be explicitly called, no. (You can if you want, but tbh it makes the code rather awkward.) The intent is just for you to make use of the logic you came up with while implementing the Caesar functions my apologies, the spec...

Hi, I assume you mean "the submission area", not "the test area". It works by compiling your code using GCC, and then linking it against a "main.c" file which calls the implemented functions. If the code fails to compile or link, then that indicates th...

Hi all, I've enable a "testbed" area in Moodle as well. It's no substitute for running your own tests (with sanitizers enabled, and at varying optimization levels), and if you rely on it solely, you may well miss errors in your code. But it's there fo...

Hi all, Just following up on this - the Moodle feedback should also be available now. Cheers Arran

Hi Spencer, The cli function is an important deliverable for the project, and is definitely not "just for" testing You may want to review last week's lecture, since I discussed the cli function and its purpose in a reasonable amount of detail. Als...

Hi Spencer, I'll enable the test sandbox shortly. But really, you shouldn't rely on it, and it won't help you much. The project spec and the labs make it clear that part of the work of the project is for students to make use of sanitizers, static anal...

Hi, As per the schedule (https cits3007.github.io schedule ), there are no labs this week. The schedule does not, in fact, say anything about labsheets unless I'm missing something? It says "no labs". If you have queries relating to the project...

Hi all, Apologies for the delay in getting mid-semester marks back - I unexpectedly short of qualified markers for it. Marks are up in csmarks, and I'll have feedback available in Moodle shortly. Cheers Arran

Hi, If anyone has suggestions for addressing this problem, feel free to post. It's not something I'm able to assist with at the moment, as there is not nearly enough information to go on the name of the signal that caused an error isn't sufficient,...

Hi, Apologies for the delay. The submission area is available on Moodle. I'll also enable the test area - but bear in mind that it won't substitute for your own testing. cheers Arran ANONYMOUS wrote

Hi all, The revised project spec is available there are a few minor improvements to wording, but other than that, no very significant changes beyond what's already been flagged in this forum. You can see the exact changes made to the spec document ...

Hi ANONYMOUS wrote Well, based on what was said in the lecture, what do you think? What's your interpretation, and if there are bits of the lecture you didn't understand, what exactly were they? Feel free to give timestamps to exact positions in the ...

Hi, A couple of things. The reason you're getting warnings is because the code you're compiling is not, in fact, from the spec. Check the compiler messages carefully You've said you're trying to compile this fragment A char cipher text sizeo...

Hi, It's entirely up to you how you organize your code. What you need to submit is definitions for the 5 required functions (and any helper functions you might define). Anything extra you submit will be ignored, unless it hinders readability or causes...

Hi, Just to clarify, my suggestion was that you come up with (ideally multiple) ways the apparent contradiction might be resolved the idea here is for students to actively engage with the project specification, and think about how project requirem...

Hi, For students in today's 9am lab unfortunately the usual lab facilitator was not available, and I didn't realize this until it was too late to arrange for someone else to facilitate my apologies. I've scheduled a replacement session for 2-3 30p...

Hi all, Just FYI, exam venues have been confirmed. The main venue is the MATH 123 math123 lab, and students with alternative exam arrangements will be in one of the CSSE labs. I will post full details on the LMS. math123 https link.mazemap.com ...

Just "Arran" is fine. I'm going to ask you to reflect a bit more on your question. Can you think of any ways of resolving this possible contradiction? What are they? Suggest some ideas. Cheers Arran

Gotcha - the crypto.h version is the correct one (for the reasons I gave - the output parameter comes last). So that's how you need to code your implementation - does that help? Cheers Arran

Hi all, I'll likely post the revised project spec towards the end of this week. After that point, the spec can be considered "frozen" (as per the guidelines here spec ). spec https cits3007.github.io faq how-are-problems-with-the-project-specif...

Hi, Sure, that sounds mostly right. The code really should be pretty easy, so there should be plenty of time to focus on making sure your code is correct, covers edge cases, and is clear and understandable. Therefore markers will expect a fairly hig...

Hi, I'll amend the spec to clarify this the key must fall in the "encryptable range" specified by range low and range high . For each letter of the plaintext which is to be encrypted, we work out an appropriate caesar cipher by subtracting low ra...

Hi Taylah, No, that's not a typo. Typically in related functions, we put input and output parameters in a consistent order. In the encryption function, cipher text is an output. But in the decryption function, plain text is the input, and ciphe...

Hi Hugo, You're correct, and I've updated the header file. Cheers Arran

Hi, As a first step, I'd suggest you show what you think it might look like - presumably you can make some guesses? Cheers Arran

Hi, I think you may have a fairly major misunderstanding of the project specification and the header file you're provided with. My first suggestion would be to first make sure you've read through the whole of the specification and the provided heade...

No worries. Just to explain why it's done this way often, example presentations of e.g. the Caesar cipher will operate only on uppercase alphabetic characters, and everything else is "passed through". But sometimes you might want to treat, say, pu...

Hi, Can you clarify, what part of the spec or code are you referring to, when you say "The project only mentions that the plain text must be between this range"? I can't spot anything in the spec which imposes such a requirement. Amongst other things, ...

Hi all, The project spec is now available on the website at https cits3007.github.io assessment project , together with a zipped header file. I've adjusted the due date to 23 May (week 12), as I wanted to allow more than 2 weeks to do it in. Studen...

Hi Hugo, Apologies for the delay. Yes, the project will be out tomorrow morning - and I'll extend the deadline by a week. (I'll amend the dates on the website shortly.) Cheers Arran

Hi, The material we actually covered in week 7 (last week) is already up, and the week 8 material will go up prior to the lecture. I normally try to ensure lecture slides are up on the Monday or Tuesday, but during particularly busy weeks (for instanc...

Hi all, I mentioned in lectures that you don't need to be a security expert to identify a vulnerability plenty of people have discovered vulnerabilities in existing programs armed with nothing more than a general knowledge of good coding practices...

Hi all, The mid-semester test should now be visible to you on Moodle (though it can't be started until it unlocks at 5pm) let me know if it's not showing up. The number of questions and marks are listed in the test instructions. (Also, if you're no...

Hi all, Just a note that I won't be available for my usual office hours today (4 5pm), as I'll be preparing the mid-semester test for release. If you need to meet with me, just email instead to arrange a suitable time. Cheers Arran

Hi, Short answer the default shell in your VM was deleted by a command you typed; the best thing to do is throw away your current VM instance, and start a new one. Longer answer The reason you're seeing those errors is due to a failed, prior command t...

Hi all, Just a reminder that if for some reason you're regularly unable to attend a lab session, you should email me and let me know. Keeping up with the lab content is an important part of the unit, and (especially for the project) it's a good idea to...

Hi all, I'll discuss the upcoming mid-semester test and the project a bit more in tomorrow's lecture, but here is some basic information about them. Mid-sem test The test will have mostly multi choice and short answer questions, similar to the week ...

Hi all, Over the Easter weekend, malicious code ( CVE-2024-3094 cve ) was discovered in the popular XZ Utils xz compression package which created a backdoor bd into affected Linux systems. The incident has been very widely reported in technical...

Hi all, Marks for the quiz are now available on csmarks (https secure.csse.uwa.edu.au run csmarks), and feedback on individual questions should be viewable on Moodle. The average mark for the quiz was 85 , which is excellent. Except for the very las...

Hi all, As mentioned in today's lecture, the 8am Thursday lab sessions have had very low turnout (only one person last week), which means it's difficult to justify running them. I'll therefore be cancelling that lab slot after this week - if you were ...

Hi all - Apologies for the delay. Just letting you know that quiz marks should be available either later today or tomorrow. Cheers Arran

Hi all, The quiz has now closed, and it looks like the average is fairly high, which is great I take it to mean people have a pretty good understanding of basic concepts. (Or that I made the questions too easy.) As per the rubric rubric , short a...

Hi all, Just a reminder regarding student conduct requirements. I allow a fair bit of flexibility regarding when students sit the online tests they can be started at any convenient time in a 24-hour block. However, students must still comply with th...

Hi all, I won't be holding my usual office hours (4-5pm) today, as I'll be preparing to release the Moodle quiz (worth 5 ) that opens at 5pm. I'll discuss the quiz more in today's lecture, but there are some tips and instructions here quiz if needed...

Can you clarify exactly what it is you don't understand? Otherwise it's difficult for me to know what needs explaining. (In future, it would also be helpful if you gave the exact slide number you're referring to.) However, I do note that you've quoted...

I'd suggest working through (and reviewing) the lecture and lab content, first, and referring to the recommended readings if anything is unclear. There are a few topics which are often poorly understood, though, namely - setuid programs, and - integer ...

There are no incompatibilities between the libvirt disk image and the virtualbox disk image. They contain exactly the same software packages, running on exactly the same Linux kernel, on exactly the same (virtualised) hardware. The hostname (stor...

Glad to hear you got things working. I'll add the username and password details to the lab sheet. Cheers, Arran

Hi all, Just a reminder that the first assessment (an online Moodle quiz, worth 5 ) will be run next week, so you should make sure you've signed up for Moodle and reviewed the content for weeks 1 3. Participating in the quiz is restricted to enrolle...

In case people are interested although Java and Python both use exceptions, some more recent languages have moved away from exceptions as an approach to error-handling. (For instance, neither Rust nor Go have exceptions.) A big problem with exception...

Thanks for letting me know. Just to clarify the lab worksheet "Using UTM on M-series Mac laptops" suggests a different process to the one you seem to have used. You've extracted a .vmdk file from your .vagrant.d directory, then used qemu-img to co...

Hi, Yes, solutions to any problems posed in a lab worksheet will normally get posted on the website the following week. Cheers, Arran ANONYMOUS wrote

Hi all, Just to let you know, slides for this week (and probably part of next week) got published on the website last night apologies for the delay. (But note that you can access previous versions of the unit's material via the Internet Archive a...

Hi, Just to clarify, have you tried following the lab instructions here utm , which are linked to from the Lab 1 worksheet here lab1 ? Those instructions suggest using - the UTM gallery's ARM64 Ubuntu 22.04 image, which should be fine for most purp...

Hi, Yes, there's no problem with that, any 5.( something ) version is fine. (In fact, the labs should work with any 4. x kernel as well, and some 3. x kernels. The main changes that affect the labs are differences in security features between kernel ...

Hi all, In yesterday's lecture I was asked if using a systems programming language like Rust could help avoid some of the security bugs that are often seen in C code. I mentioned that it can indeed help but it's important to note that it's still...

Hi all, Lecture slides for this week are available on the unit website lect . I recommend taking at least a brief look at these before the lecture then the concepts won't be completely new to you, and you'll be able to ask any questions that you ...

Hi everyone, Welcome to CITS3007 "Secure Coding". I'm your Unit Coordinator, Arran Stewart. I'll be teaching the unit with the help of our facilitators facilitators , Carl, Nicodemus, and Santiago. facilitators https cits3007.github.io facilitat...