Friday, May 15, 2009

Workshop 8: Ruby on Rails Workshops Report and Evaluation

Evaluation and Report

Please answer each question in this evaluation section. In your answer, please consider content/topics presented and the technologies and teaching strategies used during the Ruby on Rails Workshops. Results will be collated and used to modify the workshop series.
This form is just a format guide to your evaluation and report. Thank you for your time to complete workshop 8.

1. List what you consider to be the three strengths of Ruby on Rails workshop series


I consider the 3 strengths to be:
  1. Learn RoR from background concept to programming code, then application deployment gradually.
  2. Provide suitable materials and resources.
  3. Good in learning programming coding in Workshop 4 and 5.
2. List what you consider to be the three weaknesses of Ruby on Rails workshop series:

I consider 3 weaknesses to be:
  1. Not enough time to complete the whole application.
  2. Each workshop is separate and not strongly related.
  3. The work load may be too large for a part time student.
3. List what aspects of Ruby on Rails workshop series that you found to be most difficult.

The most difficult aspects were:
  1. Installation of RoR and setup of MySQL in my Mac for different versions, and too many methods.
  2. The integration use of Method, View and Control (MVC).
  3. Workshop 6: use of AJAX
  4. Need a lot of time to complete the workshops.
4. List what improvements could be made to the Ruby on Rails workshop series:

Improvements you would make include:
  1. If the course duration can be longer, there may be enough time to learn better.
  2. Improve the relation between workshops.
  3. Deliver the workshops early.
Free response and reflective questions:

5. Reflect on your experiences with the other Web framework used in this subject: Was it effective? How can it be improved? Should other Web frameworks be used as well or instead of Ruby on Rails?

I only have a little experience in Web frameworks (PHP and .Net). I think PHP and .Net are more suitable in the business world nowadays. It may be better to learn the business software so that students can easily apply the knowledge in their working environment. Microsoft provides a 3-month learning edition or a free Express edition of SQL Server and Visual Studio for us to study.

6. Did the Developer’s or IT managers Team that you joined after workshop 4 have a preference towards using other tools to facilitate collaboration? Comment on the differences between these use of the sub-forum or Interact wiki tools from your experiences in this subject.

As I use a lot of time to complete my exercises and workshops, I can only do a little work in the focus group of the RoR workshop.

7. Further comments to add?


As the tutor in Hong Kong cannot get all the materials directly from CSU, he cannot help us much. It may be better if he can get extra materials to guide us to complete the exercises and workshops.

Workshop 7: End of the Line: production site migration and maintenance

Developers conclude their work with the OTBS and look at the options for deployment of the site. Examine the various platforms/software tools used for deployment such as UNIX environment suggested in the Discussion Notes, Mongrel or Mongrel cluster, Nginx, Subversion or Capistrano (during development stage), JRuby in the Java environment.

Which way?


The choice is up to you as this workshop presents just one option and you may like to use another, such as deploying the OTBS in a .NET or J2EE environment.

The OTBS is developed using Ruby on Rails (RoR). RoR is a new development language for me. I need to learn the implementation of the Model-View-Controller (MVC) pattern in RoR, and the code that controls or manipulates the MySQL database associated with my OTBS application. The business logic for validating or formatting data is stored in the model layer. RoR is good in its principle of Don't Repeat Yourself (DRY). Rails attempts to impose many best practice techniques and conventions on the developer in order to create web applications that are composed both elegantly and correctly (Alameda 2008).

RoR provides modern database-driven web applications, but nothing is perfect (Alameda 2008):
  • The performance of RoR is a bit slower than other web technologies.
  • Rails is a bit more demanding to deploy when compared to other solutions such as PHP.
  • The rapid change of Rails makes Rails developers continuously improve both the framework and the development practices.
  • Developers who commonly use tools (scaffolding) to generate their applications may not really understand the code. This is a risk when something goes wrong with the application or the code needs to be modified to handle a special circumstance.
If I need to develop a web application for my company, I will select Microsoft ASP .Net. ASP .Net is most commonly used in business environments. It provides easy-to-use graphical tools for us to develop our application. We could find a lot of resources without difficulty on the Web or from other sources such as support from Microsoft, books, training courses and developer certification. Businesses feel more confident developing their Web site with ASP .Net than with other open source tools such as RoR.

Can you get the OTBS Running in production mode as a minimal production server?

When deploying applications for a development or testing environment, we need to (Hartl & Prochazka, 2008):
  • Configure the production database connection in the file named database.yml.
  • Create the database on the production server
  • Run the migration in Rails by using 'rake' to construct the tables in it
  • Stop the development server and start a new server in the production environment by using the -e flag (>ruby script/server -e production)
Minimal production server (Hartl & Prochazka, 2008):
  • Use Mongrel / Linux OS / Apache Web server as the Rails application server
  • Set up the same software (such as Ruby, Rails, database and plugins) on the server as on the development computer
  • Upload the Rails project to the server, then follow the deployment steps above to create and configure the production database
  • Install and configure the application server and web server
A single server running a single Mongrel process is probably sufficient for most Rails applications. New Mongrels can keep being added to a single server until it runs out of CPU time; at that stage new servers need to be added. Although caching can minimize database hits, the database may eventually become the application bottleneck. When that point is reached, an extra database server needs to be added in a master-slave setup (Hartl & Prochazka, 2008).

Reference
  1. Alameda, E. (2008), Foundation rails 2, Apress and friends of ED books.
  2. Hartl, M. and Prochazka, A. (2008), Railsspace: building a social networking website with ruby on rails, Pearson Education, Inc.

Tuesday, May 5, 2009

Workshop 6: Enjoying the Ride: Web framework alternatives, scalability and flexibility

Developers may continue to build upon work with the OTBS using the topic reading to help with user registration and advanced login features from Hartl et al (2008).

o generate a controller and an action by adding a method(s) to a controller;
o create a view template for each action and to link to actions from views;
o use AJAX to improve the user experience;
Share your success by posting progress comments and links etc to the Developers sub-forum site that has been set up for the Red team.


By following the example of the e-book "RailsSpace", I create the Home page of OTBS in my computer:


By clicking on the link: 'Register', The screen redirected to the user registration page:


The fields validation check for user registration:


Typing valid user information into the User Registration form, then submit it by clicking on 'Register!' button:


The return result of new user created successfully:


The user record in the database OTBS:


It is not easy to complete the above user registration page. I followed all the steps from chapter 2 to chapter 4 in the e-book 'RailsSpace' and modified the contents to fit the needs of the OTBS, repeating the debugging process by reviewing the chapters again and again.

I have learned from chapters 2 to 4 in the e-book 'RailsSpace' for user registration:
  • Changing the route for home page display
  • The use of cascading style sheets (CSS)
  • How Don't Repeat Yourself (DRY) works in Ruby on Rails (RoR)
  • The use of migrations to create and modify tables
  • The use of model validations
  • Form debug
  • Integrated use of MVC in RoR
By following chapters 6 to 7 in the e-book "RailsSpace", I create the advanced login page of OTBS in my computer. By clicking on the link 'Login', the screen is redirected to the user login page:


Input of invalid user name and password, and select remember me option:


Input of valid user name and password, then redirect to 'Welcome' page:


The database record of the user:


The database record of the user's session:


I have learned from chapters 6 to 7 in the e-book 'RailsSpace' for advanced login:
  • Test programs
  • Handle of login session
  • Protecting pages
  • Login forwarding
  • Logout & clear password
  • Use of cookie functions to remember user password
  • More secure cookie by a secure hashing algorithm
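
The last two items above concern the remember-me cookie. As an added example (not code from RailsSpace or from this blog), the Ruby code below contrasts a cookie derived from the password with a random token whose SHA-256 digest is the only thing kept server-side. The class and method names are hypothetical, and an in-memory hash stands in for the users table.

```ruby
require "digest"
require "securerandom"

# Weak design, shown for contrast (an assumed design, not taken from the
# page): the cookie is a hash of the credentials, so it is identical on
# every login, cannot be revoked without a password change, and lets
# anyone who captures it test password guesses offline.
def password_derived_cookie(screen_name, password)
  Digest::SHA1.hexdigest("#{screen_name}:#{password}")
end

# Constant-time comparison, so response timing does not reveal how many
# leading characters of a presented digest were correct.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Hypothetical store; @digests stands in for a column on the users table.
class RememberStore
  def initialize
    @digests = {} # user id (string) => SHA-256 hex digest of current token
  end

  # Issue a fresh random token and return the cookie value. Only the
  # digest is stored, so a leaked table does not yield usable cookies.
  # Issuing again replaces (rotates) the previous token.
  def issue(user_id)
    token = SecureRandom.hex(32)
    @digests[user_id.to_s] = Digest::SHA256.hexdigest(token)
    "#{user_id}:#{token}"
  end

  # Return the user id for a valid cookie value, or nil otherwise.
  def authenticate(cookie_value)
    user_id, token = cookie_value.to_s.split(":", 2)
    return nil if user_id.nil? || token.nil?
    stored = @digests[user_id]
    return nil unless stored
    secure_equal?(stored, Digest::SHA256.hexdigest(token)) ? user_id : nil
  end

  # Called on logout: the cookie stops working even if it was copied.
  def revoke(user_id)
    @digests.delete(user_id.to_s)
  end
end

if __FILE__ == $PROGRAM_NAME
  store = RememberStore.new
  cookie = store.issue(7) # 7 is a constructed user id
  puts "valid cookie   -> #{store.authenticate(cookie).inspect}"
  store.revoke(7)
  puts "after logout   -> #{store.authenticate(cookie).inspect}"
end
```

In a real application the cookie would also be sent with the Secure and HttpOnly attributes so it is not exposed over plain HTTP or to page scripts.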
AJAX stands for Asynchronous JavaScript and XML. AJAX includes several technologies:
  • XHTML for the markup of Web pages
  • CSS for styling
  • Dynamic display and interaction using DOM
  • Data manipulation and interchange using XML
  • Data retrieval using XMLHttpRequest
  • JavaScript as the glue that meshes all this together
When you retrieve data for a Web page by AJAX, the page is updated without refreshing the contents of the entire page. In basic web architecture, when the user clicks a link or submits a form, the form is submitted to the server. Then the server sends back a new page as the response to the user.
When AJAX is used, it loads an AJAX engine in the background. The engine is written in JavaScript and its responsibility is both to communicate with the web server and to display the results to the user. The server returns an HTML fragment that contains the server's response, and the engine displays only the data that is new or changed as opposed to refreshing the entire page.

Rails has a simple, consistent model to implement AJAX operations. Once the browser has rendered and displayed the initial web page, different user actions trigger an AJAX operation:
  • Some trigger fires: the user clicks on a button or link, or makes changes to the data on a form or in a field.
  • The web client calls the server: a JavaScript method, XMLHttpRequest, sends data associated with the trigger to an action handler on the server.
  • The server does processing: the server-side action handler does something with the data and returns an HTML fragment to the client.
  • The client receives the response: the client-side JavaScript, which Rails creates automatically, receives the HTML fragment and uses it to update a specified part of the current page.
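
The round trip above, seen from the server side, as an added example that is not from the workshop or RailsSpace: a plain-Ruby handler (hypothetical names, constructed data, no Rails required) that returns only an HTML fragment for XMLHttpRequest calls and escapes the user-supplied value before it can be inserted into the page.

```ruby
require "erb"

# Constructed sample data standing in for the users table.
TAKEN_SCREEN_NAMES = %w[alice bob].freeze

# True when the request was made through XMLHttpRequest. Prototype, the
# JavaScript library bundled with Rails 2, sends this header, and Rails
# exposes the same check as request.xhr?. The header is set by the
# client, so it only selects the response format; it must never be used
# to decide whether the caller is authorized.
def xhr?(headers)
  headers["X-Requested-With"].to_s.casecmp("XMLHttpRequest").zero?
end

# Step 3 of the list: the action handler builds the HTML fragment.
# The screen name came from the browser, and the client-side code will
# insert this fragment straight into the DOM, so it is HTML-escaped
# here; otherwise markup typed into the form field would be rendered.
def availability_fragment(screen_name)
  taken = TAKEN_SCREEN_NAMES.include?(screen_name.downcase)
  css   = taken ? "taken" : "free"
  text  = taken ? "is already taken" : "is available"
  safe  = ERB::Util.html_escape(screen_name)
  %(<span class="#{css}">#{safe} #{text}</span>)
end

# Returns [status, headers, body]. AJAX callers get the bare fragment;
# a normal request (JavaScript disabled, direct link) gets a full page
# wrapping the same fragment, so both paths share one escaping point.
def handle(headers, params)
  name = params.fetch("screen_name", "").to_s[0, 40] # bound the input
  fragment = availability_fragment(name)
  body = if xhr?(headers)
           fragment
         else
           %(<html><body><div id="status">#{fragment}</div></body></html>)
         end
  [200, { "Content-Type" => "text/html; charset=utf-8" }, body]
end

if __FILE__ == $PROGRAM_NAME
  ajax = { "X-Requested-With" => "XMLHttpRequest" }
  puts handle(ajax, { "screen_name" => "alice" })[2]
  puts handle(ajax, { "screen_name" => "<b>carol</b>" })[2]
  puts handle({}, { "screen_name" => "dave" })[2]
end
```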

Exercise 26:

The final topic is for group reflective study using the wiki tool in CSU Interact and a way for you to add a final reflective comment on systems integration and make your closing remarks to your Developer’s blog.

1. Choose ONE of the four ways to manage and develop integrated systems as listed below
I choose the 3. Federated databases
These are multi-tiered systems for load balancing and improving performance across a set of cooperative database servers by horizontally partitioning tables. Member servers can be at separate business sites and are configured to cooperate in processing database SQL requests, similar to clustered systems. Most large database vendors all have database products for implementing a federated system. Consider a comparison of federated vs fault tolerant clustered architectures as used by MySQL database products.

2. Summarise your understanding and describe its relevance (250 words max) in either your study at university or in your work environment

The utility goals of developing integrated systems are greater efficiency, effectiveness and competitiveness in organizations. But the term integration also means a complex construct in technical, systems, organizational and strategic aspects. Most systems fail due to the lack of complex organizational factors. Most of the planning and resources focus on the technical and strategic aspects of information systems (IS). Today we implement integrated systems with more balance between technical, strategic and organizational analysis.

Taken from Below (1987) and adapted by Thomas (1991):

Before the start of a multi-tiered systems project, we need to collect and analyse:
• Historical documents – any related project, past experience
• Organization culture – project handling, resource, budgeting

Project start:
• Define objectives and scopes
• Select suitable solution and database vendors
• Grant approval from top management
• Budget
• Schedule
• Resource arrangement
• Detail project plan

Implementation:
• Monitor project progress
• Review the performance and budget regularly
• Testing and evaluation
• Continue operation plan

MySQL Database cluster allows us to set up a database shared between a number of machines in federated and fault tolerant models. The federated cluster in a distributed architecture allows for load balancing and provides benefits in scalability. The cluster servers spread the load in an almost linear fashion. The system can handle more transactions with faster response times. The fault tolerant clustered servers provide high availability. The redundant copies of data allow the system to stay up if one or some of the machines go down.

3. Edit TWO similar versions (include bibliography) of that summary to CSU Interact:
a. post version A as a wiki page contribution
The first post:


b. add version B as a final entry to close your developer’s blog.
The final entry:


Reference
  1. Below, L. J. (1987). The meaning of integration. In proceedings of the third european conference on automated manufacturing. UK: IFS publications.
  2. Thomas, P. S. (1991). Implementing computer integrated manufacturing technology - an integrative framework. Ph.D. Thesis, University of Northumbria, Unpublished.

Monday, May 4, 2009

Exercise 25: M-commerce and the e-wallet: Innovation and mobile devices

Explore ONE of the problems associated with mobile technology or their suppliers, from 1 to 4 below:
1. What is meant by a location based service?
2. Visit an airline Web site and search for information on WAP or SMS access to booking airline services. Do the same for WAP or SMS services in banking. How do both industries compare?
3. Visit the W3C website and find the status of the VoiceXML project. When do you think it will affect business on the Web and what will its impact be?
4. According to Nokia:
The Nokia One Mobile Connectivity Service provides easy and secure access to email, calendar, directory and more from a mobile phone, PDA, PC or fixed-line phone - take your corporate applications mobile.
Why is a company like Nokia – http://www.nokia.com – described as having end-to-end expertise?

I select the problem: 1. What is meant by a location based service?
A location based service (LBS) uses knowledge of the end user's location to deliver relevant, timely and engaging content and information. For mobile network suppliers, LBS is an additional stream of revenue that can be generated from their investments in fixed infrastructure. End users also benefit, as LBS helps them to reduce confusion, improve the consumption experience and deliver high-quality service options (Rao & Minakakis, 2003).

The location of the user has traditionally been difficult to pinpoint and use due to its inherent dynamism and unpredictability. Today, with new technologies integrated into lightweight mobile devices and terminals, pinpointing location is quickly becoming dominant. Fast-moving technologies like GPS, mobile cell phone identification techniques and network triangulation allow carriers to zoom in on customer activity in a defined physical location. Because these capabilities are becoming more accessible, accurate and real-time, services like LBS become possible (Rao & Minakakis, 2003).

Different platforms such as PDAs and mobile phones, integrated with the wireless network infrastructure, connect through different types of servers to back-end databases using several technologies. LBS providers need to pay attention to combining software, hardware and wireless connectivity into a plan for serving LBS content (Rao & Minakakis, 2003).

Mobile network platforms for identification (Rao & Minakakis, 2003):


Delivering focused services using information about customer location is extremely appealing, but LBS is full of risks and caveats (Rao & Minakakis, 2003):
  • There has been much infeasible and overstated advertising
  • The technologies have limitations and LBS is not widespread
  • It potentially intrudes on the privacy of the customer
  • There is no proven effort in developing maintainable business models that sufficiently address and enhance the customer experience.
LBS provides a new source of revenue opportunity for multiple stakeholders in the mobile area. Under the existing technical limitations like device form factors and the speed of data access, combined with human restrictions like reduced consideration sets and the need for speed and convenience, LBS must deliver relevant, targeted and timely information to consumers at the time and place of their choice. Competition between the providers will enhance the growth of LBS. They would focus on superior customer experiences, distinctive, secure and high quality service, and their branding (Rao & Minakakis, 2003).

Reference
  1. Rao, B. and Minakakis, L. (2003), Evolution of mobile location-based services, Communications of the ACM, 46, 61-65.

Sunday, May 3, 2009

Exercise 24: Virtual business worlds and cyberagents

Search the Web for a site that uses a cyber character or cyber agent to host a business site. (If you create a successful cyber agent, you may be able to get large companies to use it to sell their products online.)

1. Differentiate the various types of software agents.

A software agent is a piece of software that works for a user or another program in a relationship of agency. The term 'agent' describes a software abstraction, an idea or a concept similar to the methods, functions and objects in object oriented programming. The agent provides an easy and powerful way to describe a complex software entity that is capable of working with a certain degree of autonomy in order to achieve tasks on behalf of its user. Various types of software agents (Wikipedia 2009):
  • Intelligent software agents are a branch of artificial intelligence research. Intelligent agents include the ability to adapt and learn. The ability to adapt means sensing the environment and reconfiguring in response by choosing alternative problem solving rules or algorithms.
  • Autonomous agents are software agents that claim to be autonomous. They are self contained and capable of making independent decisions and taking actions to satisfy their own goals based on the environment they sense.
  • Distributed agents are designed to be very loosely coupled and easy to execute as independent threads on distributed processors.
  • Multi-agent systems are several agents that work together or collaborate with other agents. Data is decentralized and execution is asynchronous in multi-agent systems.
  • Mobile agents are agents that move themselves, including their execution state, from one machine to another to continue execution there. Mobile agents can be used for gathering system information, taking file backups, monitoring network throughput, or checking available resources and moderating resource utilization.
  • Fuzzy agents are software agents that implement fuzzy logic. They interact with their environment through an adaptive rule-base and can be considered a kind of intelligent agent.
Haag (2006) suggests the following four essential types of intelligent software agents:
  1. Buyer agents, also called 'shopping bots', search around the network to retrieve information about goods and services. Web sites such as Amazon.com or eBay offer a list of products that you may like to buy.
  2. User agents or personal agents are intelligent agents that take action on your behalf. They perform tasks for you: check e-mail, play computer games, assemble customized news reports, find information, fill out forms on the Web automatically, scan Web pages and discuss topics with you.
  3. Monitoring-and-surveillance (predictive) agents are used to observe and report on equipment, usually computer systems. They may keep track of inventory levels and the prices of competitors and relay them back to the company.
  4. Data mining agents use information technology to find trends and patterns in an abundance of information from many sources that come from different systems. Users can seek and sort the information in any way they want.
2. Describe how techniques such as artificial intelligence and statistical techniques are used in software agents.
Artificial intelligence techniques are used in intelligent software agents and fuzzy agents to give them the ability to adapt and learn. The ability to adapt means sensing the environment and reconfiguring in response, through the selection of alternative problem-solving rules or algorithms, or through the discovery of problem solving strategies. The ability to learn means learning through trial and error, then being capable of introspection and analysis of behavior and success, and being able to abstract and generalize.

Statistical techniques are used in mobile agents for gathering system information, monitoring network throughput, checking resource availability and moderating resource utilization. Statistical techniques are used intensively in data mining agents for information collection and analysis.

3. Identify various activities in e-commerce where software agents are currently in use.
Buyer agents are widely used in e-commerce, such as at Amazon.com and eBay. Their Web sites offer a list of products for users to buy. They also use collaborative filtering technology to show similar products that customers who did the same search looked at.

Data mining agents are also used in e-commerce for collecting data to promote e-commerce activities. The data collected include the users' browsing history, keywords used in search engines, the hit rate of Web pages, etc.

4. Computing ethics and bot programming case study: rocky
a. Get an account username and password from the lecturer to LC_MOO at http://ispg.csu.edu.au:7680 and login to the Welcome Lobby.
b. Hold a 5-minute discussion with Rocky on a special topic. Commands: act rocky (start bot) hush rocky (stop bot)
c. Rocky is an ELIZA-like bot. Report your findings.

I logged in to LC_MOO, activated Rocky and talked with him. Although the answers and the questions of Rocky are not very logical, I still feel like talking with someone else.


Eliza first appeared in the 1960s. It is an automated psychoanalysis program based on the psychoanalytic principle of repeating what the patient says and drawing introspection out of the patient without adding content from the analyst. Some people actually mistook her for a human. The illusion of intelligence of Eliza works best if the conversation is limited to talking about yourself and your life. But a computer program shouldn't be used as a substitute for a human function that requires interpersonal respect, understanding and love (Lee, 1997).

Reference
  1. Haag, S. (2006), Management information systems for the information age, 224-228.
  2. Lee, J.A.N. (1997), Eliza, Retrieved at http://courses.cs.vt.edu/~cs3604/lib/Ethics/eliza.html on 11th May, 2009.
  3. Wikipedia (2009), Software agent, Retrieved at http://en.wikipedia.org/wiki/Software_agent on 4th May, 2009.

Saturday, May 2, 2009

Exercise 23: Search mechanisms

1. What is a spider? What does it do?
A spider is a program used by search engines to fetch and analyse documents on the Internet. This action is also called 'crawling'. The home page of a Web site will be found and indexed by search engines; to get more information it is necessary to conduct a further, deeper search of the site. Unlike traditional information retrieval, both the content and the structure of the Web site are critical for Web searching, because both are important in ranking Web sites (Paula 2005).

2. What is a meta-search engine? Provide some examples.
A meta-search engine accepts a search key from users and then transmits the search request to several individual search engines and their databases of web pages. Meta-search engines do not own their search database of Web pages (UC Berkeley, 2008).

Examples of meta-searchers:
Clusty: clusty.com
Dogpile: www.dogpile.com
SurfWax: www.surfwax.com
Copernic Agent: www.copernic.com

3. How can you get your site listed at major search sites; and how could you improve your site ranking?

Get your site listed at major search sites and improve your site ranking (Yahoo, N.A.):
  • Submit your Web site to major search sites so that they can easily reach it.
  • Carefully decide on the key terms that your users will search on to find content like yours. Use those key terms to guide the text and construction of your web pages.
  • As users are likely to click the link if the title matches their search, choose terms for the title that match the concept of your document.
  • Use a meta-tag as a description and write the description accurately and carefully. Make sure the document title and description attract the interest of the user.
  • Use 'keyword' in a meta-tag to list key words for the document.
  • Keep relevant text and links in HTML. An HTML site map, with a link from the welcome page, can help to make sure all your pages are crawled by the search engines.
  • Use ALT text for graphics as good page design to accommodate text browsers or visually impaired visitors.
Reference
  1. Paula, Y. (2005). The effective use of search engines on the internet: Nursing Standard, 19, 56-64.
  2. UC Berkeley (2008), Meta-search engines, UC Berkeley - Teaching Library Internet Workshops, Retrieved at http://www.lib.berkeley.edu/TeachingLib/Guides/Internet/MetaSearch.html on 3rd May, 2009.
  3. Yahoo (N.A.), How do i improve the ranking of my web site in the search results, Yahoo, Retrieved at http://help.yahoo.com/l/us/yahoo/search/ranking/ranking-02.html on 3rd May, 2009.

Friday, May 1, 2009

Exercise 22

Differentiate between software systems such as Customer Relationship Management (CRM) software, Business-to-Business e-commerce programs and Supply-Chain Management (SCM) software.

Customer Relationship Management (CRM) is a process or methodology used to learn more about the needs and behaviors of customers, in order to build better relationships with them. CRM helps to learn a lot of information about customers, sales, marketing effectiveness, responsiveness and market trends. CRM software helps businesses gain insight into the behavior and the value of their customers by using technology and human resources (Knowledge Hills, 2004).

Advantage of using CRM software (Knowledge Hills, 2004):
  • Provide better customer service
  • Increase customer revenues
  • Discover new customers
  • Sell products more effectively
  • Help to close deals faster by salesman
  • Call centers become more efficient
  • Marketing and sales processes become simpler
CRM software is divided into different areas (Knowledge Hills, 2004):
  • Contact Management - stores, tracks and manages contacts, contracts and agreements
  • Lead Management - manages and tracks forecast sales leads, helps to understand and improve conversion rates
  • Self service CRM - customer interaction, automation of email, call logs, web site analytics, campaign management through the Web
  • Survey Management - automates electronic surveys, polls and questionnaires, and helps to understand customer preferences
  • Call Center
  • Help Desk
  • Distribution Management
Business-to-Business (B2B) e-commerce between suppliers and customers on the Internet is conducted through industry sponsored marketplaces and through private exchanges set up by large companies. Companies also sell their products to business customers through their own Web sites. Most companies use such marketplaces mainly to purchase commodity goods, manage their supply chains and conduct indirect purchases that are not related to their main business. Unlike business-to-consumer (B2C) e-commerce, most B2B commerce is done through negotiated contracts. This allows the seller to expect and plan how much the buyer will purchase (Net Industries, 2009).

Supply-Chain Management (SCM) is the management of multiple relationships across the supply chain. It is a network of multiple businesses and relationships. SCM provides the opportunity to capture the synergy of intra- and intercompany integration and management. SCM is the integration of the key business processes, from end user to original suppliers, that provide products, services and information that add value for customers and other stakeholders (Lambert & Cooper, 2000).

The five basic component of SCM (Wailgum & Worthen, 2008):
  1. Plan - the strategic portion of SCM. SCM planning develops a set of metrics to monitor the supply chain, so that it is efficient, costs less and delivers higher quality and value to customers.
  2. Source - choose suppliers to deliver the goods and services needed to create the product. SCM needs to develop a set of pricing, delivery and payment processes with suppliers.
  3. Make - the manufacturing steps. SCM schedules the activities necessary for production, testing, packaging and delivery.
  4. Deliver - referred to as logistics: receipt of orders from customers, developing a network of warehouses, picking carriers to get products to customers and setting up an invoicing system to receive payment.
  5. Return - receiving defective and excess products back from customers who have problems with delivered products.
SCM software provides functions for the above basic steps in SCM, but no one has a complete package that is right for every company, as each industry's supply chain has a unique set of challenges. And if employees bypass the supply chain systems and try to manage things manually, such as by using the fax machine or spreadsheets, then even the most expensive systems will provide an incomplete picture of what is happening in the SCM of the company (Wailgum & Worthen, 2008).

Relationships between SCM, CRM & B2B:
Many SCM applications are linked to the information stored inside enterprise resource planning (ERP) software. The ERP software may include the CRM systems inside. Theoretically the company could assemble the information it needs to feed the SCM. The SCM applications benefit from having CRM as a source to go to for up-to-date information. Applications that simply automate the logistics aspects of SCM are less dependent upon gathering information from around the company. The rise and importance of CRM systems puts more pressure on companies to integrate all enterprise-wide software packages together (Wailgum & Worthen, 2008).

Before the coming of the Internet, SCM software was limited to improving companies' ability to predict demand from customers and make their own supply chains run more smoothly. Nowadays, companies can connect their supply chain with their suppliers and customers together in a single network. That optimizes costs and opportunities for everyone involved in the business. This caused the explosion of the B2B idea on the Internet. Of course, it has not quite happened for most companies. But today most companies share at least some data with their supply chain partners. The supply chain in most industries is very important to their survival, so they don't want to show much of it (Wailgum & Worthen, 2008).
Reference
  1. Knowledge Hills (2004), Customer relationship management tutorial, Knowledge Hills, Retrieved at http://crmtutorial.com/CRM/CRM.aspx on 1st May, 2009.
  2. Lambert, D. M. and Cooper M. C. (2000), Issues in supply chain management, Elsevier Science Inc., 29, 65-83.
  3. Net Industries (2009), Business-to-business (B2B) e-commerce - B2B e-commerce quantified, B2B e-commerce in early adopter stage, customer server, Net Industries, Retrieved at http://ecommerce.hostip.info/pages/141/Business-Business-B2B-E-Commerce.html on 3rd May, 2009.
  4. Wailgum, T and Worthen, B. (2008), Supply chain management definition and solutions, CIO, Retrieved at http://www.cio.com/article/40940/Supply_Chain_Management_Definition_and_Solutions on 3rd May, 2009.

Thursday, April 30, 2009

Exercise 21: Shopping cart specification

Develop the class diagram for the following shopping cart specifications:

A shoppingCart object is associated with only one creditCard and customer and to items in itemToBuy object. Persistent customer information such as name, billing address, delivery address, e-mail address and credit rating is stored in the customer object. The credit card object is associated with a frequentShopper discount object, if the credit rating for the customer is good. The customer can make or cancel orders as well as add and delete items to the shopping cart product. The credit card object contains the secure method for checking that the charge is authentic.


Shopping cart class diagram:

Wednesday, April 29, 2009

Exercise 20: Modeling with UML

Use Case, Class, Sequence, Collaboration, State chart, Activity, Component and Deployment diagrams are used in UML. Describe each of the eight (8) main diagrams used in UML.

Use Case diagram
Use cases are used in the requirements elicitation and system analysis stages of a project to represent the functionality of the system. Use cases focus on the behavior of the system from an external point of view. A use case describes a function provided by the system that yields a visible result for an actor. Identifying actors and use cases results in the definition of the boundary of the system: it differentiates the tasks accomplished by the system from the tasks accomplished by the environment. The actors are outside the boundary of the system, and the use cases reside inside the boundary of the system (Bruegge & Butoit, 2004).

The use case diagram below describes the functionality of a simple watch system. The WatchUser actor may either consult the time on her watch (the ReadTime use case) or set the time (the SetTime use case). However, only the WatchRepairPerson actor can change the battery of the watch (the ChangeBattery use case):


Class diagram
A class diagram is used to describe the structure of the system. Classes are abstractions that specify the common structure and behavior of a set of objects. An object is an instance of a class that is created, modified and destroyed during the execution of the system. Class diagrams describe the system in terms of objects, classes, attributes, operations and their associations (Bruegge & Butoit, 2004).

The class diagram below describes the elements of all the watches of the SimpleWatch class. These watch objects all have an association to an object of the PushButton class, an object of the Display class, an object of the Time class and an object of the Battery class. The numbers on the ends of associations denote the number of links each SimpleWatch object can have with an object of a given class:


Sequence diagram
Sequence diagrams are also called interaction diagrams. They are used to formalize the dynamic behavior of the system and to visualize the communication between objects. They are useful for identifying additional objects that participate in the use cases. They also represent the interactions that take place among objects, focusing on the messages exchanged between objects as a result of external events created by actors (Bruegge & Butoit, 2004).

The sequence diagram below is for the SetTime use case of the SimpleWatch system. The leftmost column is the WatchUser actor who initiates the use case. Labeled arrows represent stimuli that an actor or an object sends to other objects:


Collaboration diagram
A collaboration diagram describes the same information as a sequence diagram. It represents the sequence of messages by numbering the interactions. It removes the geometrical constraints on the objects, which results in a more compact diagram. As a consequence, the sequence of messages becomes more difficult to follow (Bruegge & Butoit, 2004).

The collaboration diagram below is equivalent to the sequence diagram above:


State chart diagram
A state chart diagram describes the dynamic behavior of an individual object as a number of states and transitions between these states. A state represents a particular set of values for an object. Given a state, a transition represents a future state the object can move to and the conditions associated with the change of state (Bruegge & Butoit, 2004).

The state chart below for the SimpleWatch represents different information than the sequence diagram:


Activity diagram
An activity diagram describes the behavior of a system in terms of activities. Activities are elements that represent the execution of a set of operations. The completion of these operations triggers a transition to another activity. Activity diagrams are like flowchart diagrams in that they can be used to represent control flow (Bruegge & Butoit, 2004).

The activity diagram below represents the behavior in terms of activities and their precedence constraints. The completion of an activity triggers an output transition, which in turn may initiate another activity:


Component diagram
A component diagram depicts how components are linked together to form larger components and/or software systems (Bruegge & Butoit, 2004).

The component diagram below shows the WebServer component and the classes it contains:


Deployment diagram
A deployment diagram is used to describe the relationship among run-time components and hardware nodes. Components are self-contained entities that provide services to other components or actors. Nodes are represented by boxes containing component icons in the deployment diagram (Bruegge & Butoit, 2004).

The deployment diagram below represents the allocation of components to different nodes and the dependencies among components. The Web browsers on PCs and Macs can access a WebServer that provides information from a Database:


Reference
  1. Bruegge, B. and Butoit, A. H. (2004), Object-oriented software engineering: using uml, patterns, and java, Prentice Hall.

Tuesday, April 28, 2009

Exercise 19: TP monitors and transaction protocols

1. Give a description in your own words of the ACID properties of a transaction.

ACID stands for Atomicity, Consistency, Isolation and Durability. ACID is a set of properties that ensure database transactions are processed reliably. In database architecture, a transaction is a single logical process or a set of sequential processes that perform a task. For example, a transfer of funds from one bank account to another is a transaction, although it might involve multiple individual operations on different bank accounts within the database (Wikipedia, N.A.).

Atomicity - the DBMS ensures that either all of the tasks of a transaction are done or none of them.
Consistency - the database remains in a consistent state before the start and after the end of a transaction.
Isolation - data in an intermediate state during transaction processing cannot be accessed or seen by other operations.
Durability - after the transaction has completed successfully, it becomes persistent and cannot be undone.

2. Describe a TP monitor environment. How can a TP monitor stop an operating system being overwhelmed?

A TP monitor provides an execution environment for resource managers and applications. When requests arrive from local or remote clients, the TP monitor launches a server to perform the request. Before creating a server for a request, the TP monitor authorizes the client to the service. The client must be authenticated by the TP monitor as a particular person or group of persons. The TP monitor also records the security check or security violation in an audit trail (Gray & Reuter, 1993). A TP monitor handles two important processes (Ince, 2002):
  • Manage the concurrent execution of threads and processes, ensuring the ACID properties in a transaction
  • Ensure consistent updates of data in a shared-update transaction when other transactions wish to access the shared data.

A TP monitor does not replace the operating system completely, though that might be possible. The operating system can handle batch, time-sharing and communication. The TP monitor takes care of online transaction processing (OLTP) and distributed transactions (Gray & Reuter, 1993).

3. What is difference in load balancing with traditional and transactional MOM, RPC and conversations?

Load balancing with traditional and transactional:
A load-balancing solution connects multiple servers so that they work together and look like a single, high-powered network resource to those accessing the system. It does this by selectively forwarding connections to the many servers arrayed behind it in an equitable manner, according to the operational health of the server and the nature of the query (Intel, 2000).

Traditional load-balancing solutions check the health of the server in order to determine which machines are able to handle the incoming request. This can be checked either by testing the server with an artificial client, or by sending it a series of scripts that try out critical pages and look at the responses. Simply responding to occasional health tests is no longer adequate for delivering today's right content in a timely manner (Intel, 2000).

A transactional load-balancing (or transactional content awareness) solution monitors actual transactions on an ongoing basis. The more important the transaction, the more necessary it is that both parties involved are certain it has been completed. In an automated teller machine (ATM) system, with its valuable exchanges of money and information, it is important to be sure that transactions have been completed properly. Load balancing must be transaction-aware (Intel, 2000).

RPC and conversations:
Remote procedure call (RPC) is an interprocess communication technique. RPC allows communication between client and server software (Microsoft, 2000). The general communication of RPC is very simple and patterned like human conversation habits (HXP, 2004). RPC works between computers and uses the network as its communication channel, whereas conversations are communication between people and use air as the media channel.


RPC works over the Internet, Intranet and local host:


4. Why is a two-phase commit protocol better than a one-phase atomic commit protocol?

The two-phase commit (2PC) protocol ensures that either all the databases are updated or none of them (Webopedia, N.A.):

  • 1st phase: the changes to the database requested by a transaction are initially stored temporarily by each database. The transaction monitor then issues a pre-commit command to each database, which requires an acknowledgment (Webopedia, N.A.). This is the voting phase, which ensures that all sites are ready to commit (Veda & Mittal, 2004).
  • 2nd phase: if the monitor receives the proper response from each database, the monitor issues the commit command. The commit command causes all databases to simultaneously make the transaction's changes permanent (Webopedia, N.A.). This is the decision phase, which ensures a uniform abort or commit at all sites (Veda & Mittal, 2004).
The one-phase commit (1PC) protocol overlaps the voting phase with the execution of the transaction and has only a decision phase. The Implicit Yes Voting and the Coordinate Log are implemented in the 1PC protocol. 1PC cannot handle deferred consistency constraints (Veda & Mittal, 2004).

2PC is better than 1PC (Veda & Mittal, 2004):

  • Ensures atomicity even in deferred constraints
  • Ensures independent recovery of all sites
  • As it takes place in 2 phases, it can handle network failures, disconnections and in their presence assure atomicity that 1PC cannot.
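The difference can be seen in a small in-memory simulation, added here as an example and not taken from the cited sources. `Participant`, `two_phase_commit`, `naive_one_phase_commit` and `run_transfer` are hypothetical names, and the "naive" one-phase variant (each site decides for itself, with no vote) is a simplified stand-in rather than the Implicit Yes Voting protocol.

```python
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class Participant:
    """One database site; staged changes become permanent only on commit."""
    name: str
    balance: int                     # committed (durable) state
    reachable: bool = True           # False simulates a disconnected site
    staged: Optional[int] = None     # tentative state held during the transaction
    log: List[str] = field(default_factory=list)

    def stage(self, delta: int) -> None:
        self.staged = self.balance + delta

    def can_commit(self) -> bool:
        # Deferred constraint, checked only at commit time: no negative balance.
        return self.reachable and self.staged is not None and self.staged >= 0

    def prepare(self) -> bool:
        vote = self.can_commit()
        self.log.append("vote-yes" if vote else "vote-no")
        return vote

    def commit(self) -> None:
        self.balance, self.staged = self.staged, None
        self.log.append("commit")

    def abort(self) -> None:
        # A disconnected site would apply this from its log on recovery.
        self.staged = None
        self.log.append("abort")


def two_phase_commit(sites):
    # Phase 1 (voting): every site must acknowledge that it is ready.
    votes = [site.prepare() for site in sites]
    # Phase 2 (decision): the same decision is sent to every site.
    decision = "commit" if all(votes) else "abort"
    for site in sites:
        if decision == "commit":
            site.commit()
        else:
            site.abort()
    return decision


def naive_one_phase_commit(sites):
    # No voting: each site acts on its own view, so outcomes can diverge.
    outcomes = []
    for site in sites:
        if site.can_commit():
            site.commit()
            outcomes.append("commit")
        else:
            site.abort()
            outcomes.append("abort")
    return outcomes


def run_transfer(protocol, amount, b_reachable=True):
    """Move `amount` from site A (balance 50) to site B (balance 10)."""
    a = Participant("site-A", balance=50)
    b = Participant("site-B", balance=10, reachable=b_reachable)
    a.stage(-amount)
    b.stage(+amount)
    return protocol([a, b]), a.balance, b.balance


if __name__ == "__main__":
    print(run_transfer(two_phase_commit, 80))        # overdraft: both sites abort
    print(run_transfer(naive_one_phase_commit, 80))  # B commits although A aborted
    print(run_transfer(two_phase_commit, 30, b_reachable=False))
```

With the naive variant the overdrawn transfer leaves 50 at site A and 90 at site B, so money appears from nowhere; under 2PC the single "no" vote aborts both sites.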
Reference

  1. Gray, J. and Reuter, A. (1993), Transaction processing: concepts and techniques, Morgan Kaufmann Publishers, Inc.
  2. HXP (2004), Rpc - remote procedure call, Healthcare Xchange Protocol, Retrieved at http://hxp.sourceforge.net/rpc.html on 29th April, 2009.
  3. Ince, D. (2004), Developing distributed and e-commerce applications, 2nd edition, Addison-Wesley.
  4. Intel (2000), Transactional load-balancing systems: delivering true server availability, Intel.
  5. Microsoft (2000), Remote procedure call, Microsoft TechNet, Retrieved at http://technet.microsoft.com/en-us/library/cc958781.aspx on 29th April, 2009.
  6. Veda, A. and Mittal, K. (2004), Project report: one and two phase commit protocols, Kanwal Rekhi School of Information Technology.
  7. Webopedia (N.A.), Two-phase commit, Webopedia, Retrieved at http://www.webopedia.com/TERM/T/two_phase_commit.html on 29th April, 2009.
  8. Wikipedia (N.A.), Acid, Wikipedia, Retrieved at http://en.wikipedia.org/wiki/ACID on 28th April, 2009.

Exercise 18: Threading demonstration in Python

A simple demonstration of the threading module in Python that uses both a lock and semaphore to control concurrency is by Ted Herman at the University of Iowa. The code and sample output below are worth a look. Report your findings.

I downloaded threaddemo.py from the CSU Website and ran it on my Mac. Three sample results from my computer:

I ran the program several times; the results are similar but different. The time taken for each run of the program is slightly different. The running times of the 10 task threads differ because they are randomly generated by the system. The program only allows 3 tasks to run concurrently. When a task completes, another task starts. The tasks run like a job queue in a FIFO model.
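The pattern the exercise describes (a semaphore that admits three tasks at a time and a lock that guards shared state) can be reproduced in a few lines. This is an added example written for this page, not Ted Herman's threaddemo.py; `run_demo` and its parameters are assumed names.

```python
import random
import threading
import time


def run_demo(num_tasks=10, max_concurrent=3, seed=None):
    """Run num_tasks threads, at most max_concurrent inside the guarded region.

    Returns (peak_running, finished, start_order).
    """
    rng = random.Random(seed)
    slots = threading.Semaphore(max_concurrent)  # admits max_concurrent tasks
    state_lock = threading.Lock()                # guards the shared state below
    state = {"running": 0, "peak": 0, "finished": 0}
    start_order = []
    # Random run times, drawn up front so the generator is used by one thread only.
    durations = [rng.uniform(0.01, 0.05) for _ in range(num_tasks)]

    def task(task_id):
        with slots:                              # blocks while all slots are taken
            with state_lock:                     # read-modify-write must be atomic
                state["running"] += 1
                state["peak"] = max(state["peak"], state["running"])
                start_order.append(task_id)
            time.sleep(durations[task_id])       # the "work"
            with state_lock:
                state["running"] -= 1
                state["finished"] += 1

    threads = [threading.Thread(target=task, args=(i,)) for i in range(num_tasks)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    # start_order is what was observed in this run; the threading module does
    # not promise the order in which threads waiting on a semaphore are woken.
    return state["peak"], state["finished"], start_order


if __name__ == "__main__":
    peak, finished, order = run_demo()
    print(f"peak concurrency={peak}, finished={finished}, start order={order}")
```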

Monday, April 27, 2009

Exercise 17: Concurrency terms

Find definitions for eight terms and concepts used in threaded programming:
1. Thread Synchronisation
2. Locks
3. Deadlock
4. Semaphores
5. Mutex (mutual exclusion)
6. Thread
7. Event
8. Waitable timer.


1. Thread Synchronisation
A thread may execute processes involving multiple objects, and multiple threads may attempt to execute processes that involve a single object. Thread synchronisation is a process by which threads interact to check the status of objects (Bak, 2000). In threaded applications, individual threads need to be synchronized with other parts of the program. Thread synchronisation provides a compromise between the unstructured nature of multithreaded programming and the structured order of synchronous processing (MSDN, N.A.).

2. Locks
An object may be accessed by multiple threads. Locking prevents all but one thread from executing a process on a particular object, so that only one thread is permitted to operate on that object (Bak, 2000). Most server software provides two types of locks to optimize the locking process: read locks and write locks (Ince, 2002).

Flowchart of object locking (Bak, 2000):
  • step 31: thread determines whether the object is locked
  • step 33: current thread get exclusive access rights to the object
  • step 34: the object was locked by current thread previously
  • step 35: the object locking process stop
  • step 37: the object was locked by other thread, the current thread waits for the object to be unlocked before continuing


3. Deadlock
Deadlock occurs when two or more threads are each waiting for another to finish (or unlock), but none ever does. The threads may be waiting for object locks in a circular chain, where the object locks guarantee exclusive access to processes. Deadlocks are a common problem, as there is no general solution to avoid them (Wikipedia I, N.A.).

4. Semaphores
A semaphore is a protected variable or abstract data type that provides a method for limiting access to shared resources, such as shared memory, in a multiprogramming environment (Wikipedia II, N.A.).

5. Mutex (mutual exclusion)
Mutex is short for mutual exclusion. A mutex is an object that allows multiple threads to share the same resource, but not at the same time. When a program starts, a mutex is created with a unique name. Any thread that needs the resource must lock the mutex against other threads while it is using the resource. The mutex is set to the unlocked state when the data is no longer needed or the process is finished (Webopedia, N.A.).

6. Thread
A thread is a sequential flow of control within a program. Each thread has its own execution stack where method activations reside. Threads in a system can be either cooperative or concurrent (Bak, 2000). Threads are also called lightweight processes and are similar to forking a process. As multiple threads of a process use the same address space (all static and external data and open files are shared), they can make parallel programming easier. Threads are used when shared resources need to be protected or synchronised. Threads exist in modern operating systems and software such as UNIX and Microsoft Office (Eustace 2009).

7. Event
An event is the simplest mechanism for communication between threads. One thread signals an event and other threads wait for it. An event object manages a changeable internal flag (Python, 2005).

8. Waitable timer
A waitable timer is a synchronization object. Its state is set to signaled when a specified due time is reached (Mischel, 2009).

Reference
  1. Bak, L. (2000), Thread synchronization in a computer controlled by an object-based, Sun Microsystems, Inc.
  2. Eustace, K. (2009), E-systems infrastructure development - itc594 study guide, CSU.
  3. Ince, D. (2002), Developing distributed and e-commerce applications, 2nd edition, Addison-Wesley.
  4. Mischel, J. (2009), Waitable timers in .net with c#, DevSource, Retrieved at http://www.devsource.com/c/a/Languages/Waitable-Timers-in-NET-CSharp/ on 28th April, 2009.
  5. MSDN (N.A.), Thread synchronization, Microsoft, Retrieved at http://msdn.microsoft.com/en-us/library/dsw9f9ts.aspx on 28th April, 2009.
  6. Python (2009), Python library reference - event objects, Python, Retrieved at http://www.python.org/doc/2.3.5/lib/event-objects.html on 28th April, 2009.
  7. Webopedia (N.A.), Mutex, Webopedia, Retrieved at http://www.webopedia.com/TERM/M/mutex.html on 28th April, 2009.
  8. Wikipedia I (N.A.), Deadlock, Wikipedia, Retrieved at http://en.wikipedia.org/wiki/Deadlock on 28th April, 2009.
  9. Wikipedia II (N.A.), Semaphore (programming), Wikipedia, Retrieved at http://en.wikipedia.org/wiki/Semaphore_%28programming%29 on 28th April, 2009.

Sunday, April 26, 2009

Exercise 16: Authentication and Encryption systems

1. Visit an e-commerce website and survey the mode of payment allowed. Would you trust the site with your business?

I went to the eBay Web site at: http://www.ebay.com/. I tried to buy the Wii game console on it. If I confirm to buy that item, I need a PayPal account to process the payment.

PayPal is a payments gateway (or a payment middle man):
  • Make secure purchases without revealing the credit card number or financial information of the customer
  • Pay quickly
  • Shop using PayPal on eBay or thousands of merchants worldwide
A transaction fee must be paid for each payment made through PayPal (http://www.paypal.com).

I trust that site (eBay) with my business, as the payments go through a famous third party and my financial information would not be exposed to the merchants.

2. What measures should e-commerce provide to create trust among their potential customers? What measures can be verified by the customer?

Trust in Internet shopping exists not simply between the Internet merchant and the customer, but also between the consumer and the computer system through which transactions are executed. The customer cannot check the quality of the product before making a purchase, or monitor the safety and security of sending sensitive personal information such as credit card numbers over the Internet to someone whose behavior and motives may not be easy to predict. The effectiveness of third-party trust-certification bodies such as TRUSTe or Verisign, and of public key encryption infrastructure for ensuring transactional security, are significant success factors for Internet shopping (Lee & Turba, 2001).

Security in e-commerce can create trust. A secure site should provide (Josang & Tran, 2000):
  • Authentication - provide proof of identity and prevent an attacker from masquerading as a real user.
  • Non-repudiation - provide proof of expedition or receipt
  • Confidentiality - ensure that only legitimate users can read messages
  • Integrity - protect against illegitimate modification, deletion, creation or replay of digital messages.
  • Availability - ensure that an application is not disrupted by illegitimate actions
Several important security services, such as non-repudiation and authentication, are based on public-key cryptography. It is also an essential building block of SSL (Secure Sockets Layer), which is used for securing Web communication (Josang & Tran, 2000). These are important in Web security, and build up trust between merchants and customers.

Trust for e-commerce has four main components (Patton & Josang, 2002):
  1. Factors affecting trust before the site is accessed: brand reputation, previous off-line experiences with the merchant, differences between individuals in their general propensity to trust
  2. Interface properties: graphic design and layout, content organization and usability
  3. Informational content: information the merchant provides about products and services, privacy policies and privacy practices
  4. Relationship management: post-purchase communication and customer service
Trust is based on experience over time, so establishing initial trust with new customers can be the major challenge in e-commerce. Without such initial trust, merchants cannot build a good transaction history. Merchants can 'buy' trust through advertising (Patton & Josang, 2002). The above trust components can be verified by the customer.

3. Visit the Verisign web site - what solutions does it offer for e-commerce?

I visited the Verisign site at: http://www.verisign.com/. Verisign provides Consumer Products and Retail Solutions for e-commerce. VeriSign Identity Protection (VIP) provides authentication and transparent fraud detection from a trusted provider, protecting online transactions without slowing them down.

4. Visit the TRUSTe web site. Describe what services and solutions are offered.

I visited the TRUSTe web site at: http://www.truste.com/. TRUSTe helps Web sites to build customer confidence to work, play and shop online. TRUSTe provides a service to verify that Web sites follow strict privacy principles and strive to treat customer information with the utmost respect. If the Web sites meet its requirements, they receive a TRUSTe Web Privacy Seal.

5. Get the latest PGP software from http://web.mit.edu/network/pgp.html; install it on two machines and encrypt a message on one machine and decrypt it on the other. Report your findings.

The PGP software was no longer distributed by MIT:


The PGP software can be downloaded at:
http://www.pgp.com/downloads/desktoptrial/desktoptrial2.html
or
http://www.pcworld.com/downloads/file/fid,3178;order,1;page,1;c,All%20Downloads/description.html

PGP encrypts files with the recipient's public key or the sender's private key. When the recipient receives the encrypted file, the recipient can decrypt the file with his own private key or the sender's public key. The recipient can use the PGP software to check the integrity of the encrypted file to ensure that the file has not been altered by others.

PGP (Pretty Good Privacy) provides cryptographic privacy and authentication. PGP is commonly used for signing, encrypting and decrypting files for email. PGP encryption uses the Public Key Infrastructure (PKI).

Encrypts files output to test.pgp:



Verifies file integrity and decrypts the test.pgp file, then unzip the files into the Test folder:


6. The use of digital certificates and passports are just two examples of many tools for validating legitimate users and avoiding consequences such as identity theft. What others exist?

Validation of legitimate users:
  • By user name or login ID, and password. Commonly used in most systems
  • By personal card and password. Example: automated teller machine (ATM) cards used by banks
  • Fingerprint recognition systems. Example: door locks, computer system login.
  • Iris recognition systems. Example: door locks
Reference
  1. Josang, A. and Tran, N (2000), Trust management for e-commerce, Virtual Banking 2000.
  2. Lee, M.K.O and Turba, E. (2001), A trust model for consumer internet shopping, International Journal of Electronic Commerce, 75-91(6).
  3. Patton, M. A. and Josang, A. (2002), Technologies for trust in electronic commerce, Kluwer Academic Publisher, Electronic Commerce Research 4, 9-21.

Friday, April 24, 2009

Exercise 15: Protecting and archiving data

1. What makes a firewall a good security investment? Accessing the Internet, find two or three firewall vendors. Do they provide hardware, software or both?

A firewall is a device that protects the data on systems and the computer systems themselves. A firewall provides a controlled point of entry into and out of a computer system (internal network). A computer system may be a very large investment for a company. A firewall helps to minimize the chance of needing repairs after an intrusive attack from outside (such as the Internet). A firewall is a safeguard that protects (Zalenski, 2002):
  • Data integrity - data needs to be protected from any unwarranted changes
  • Availability - data needs to be accessible when needed
  • Secrecy - data privacy needs to be secured when applicable
If a company's system is attacked by a malicious intrusion, the system's capability may be reduced or halted. This may affect the company's ability to deliver as promised, and can damage the integrity of the company. The revenues of the company may be hurt (Zalenski, 2002). These factors make a firewall a good investment.

Firewall Vendors:

2. Find out if your university or workplace has a backup policy in place. Is it followed and enforced?

My company has the backup policy:
  • Critical data should be backed up
  • Backup data should be stored at a location that is physically different from its original creation and usage location
  • The ability to retrieve and restore backup data should produce successful results. The verification through restoration from backed-up data, should be performed on a regular basis
  • Procedures for backing up critical data and testing of the procedures should be documented.
We almost follow the above policy in our daily backup:
  • We backup application's data, user's data and users' e-mail daily
  • Write down the daily backup status in the log book
  • Store the backup tapes in China's office
  • Restore the backup files from tape monthly for verification
3. Most of the antivirus software perform an active scanning of the user activity on the Internet, detecting downloads and attachments in e-mails. Hackers have readily available resources to create new viruses. How easy is it to find a virus writing kit? Search the Internet and find such a tool. For example, see what you can find at http://vx.netlux.org/dat/vct.shtml.

I searched for 'virus writing kit' in Yahoo. The result:


There are many documents on the Internet about virus writing kits. They say that virus writing kits can easily be downloaded from the Internet, for example (Szor, 2005):
  • VCS (Virus Construction Set) - the first virus generator, written in 1990.
  • GenVir - released as shareware in France by J. Struss in 1990-1991.
  • VCL (Virus Creation Laboratory) - written in the US in 1992.
  • PS-MPC (Phalcon-Skism Mass-Produced Code Generator) - created in 1992 in the US by Dark Angel.
  • NGVCK (Next Generation Virus Creation Kit) - introduced in 2001 by SnakeByte
  • Amateurs - over 150 kits and code mutators are available; in 1996 such tools became extremely popular
Example of Virus Generator Kits:


Reference
  1. Zalenski, R. (2002), Firewall technologies, Potentials, IEEE, 24-29.
  2. Szor, P. (2005), Advanced code evolution techniques and computer virus generator kits, informIT network, Retrieved at https://www.informit.com/articles/article.aspx?p=366890&seqNum=7 on 27th April, 2009.

Exercise 14: Electronic payments and security II

1. What are cookies and how are they used to improve security?

As HTTP is stateless, it does not support continuity in the interaction between browser and server. Cookies were introduced to maintain continuity and state on the Web. Cookies contain character strings that encode relevant information about the user. Cookies are sent to the user's hard disk or RAM through the browser when the user visits a website that uses cookies. The Web server gets the user's information from the cookies when the user returns later (Park & Sandhu 2000).

Cookies are used for authentication, session tracking or state maintenance, and for maintaining users' specific information. Cookies allow the server to recognize that the user is already authenticated, so the user can access services or perform operations that are only allowed for logged-in users (Wikipedia 2009).

2. Can the use of cookies be a security risk?


A Web server could use a cookie to store a user's name and credit card numbers. Although this is convenient for users, it is also a risk. As cookies are stored and transmitted in text, they are readable by others (Park & Sandhu 2000).

Typical cookies on the Web (Park & Sandhu 2000):


All cookies are fundamentally similar to the above format. 'Domain' is the host or domain name where the cookie is valid. 'Flag' specifies whether or not all machines within a given domain can access the cookie's information. If the 'Secure' flag is on, the cookie will be transmitted only over secure communications channels such as SSL. There is a security problem in that a Web server can update the contents of the cookies whenever the user visits the server. The cookie issuer is not important for validation, as any Web server can issue cookies for other Web servers. Security risks to cookies (Park & Sandhu 2000):

  • Network risk - cookies are transmitted in clear text over the network and can be captured or modified by others
  • End-system risk - cookies reside on the browser's end system, stored on the hard drive or in memory in clear text. Their contents can easily be altered by users
  • Cookie-harvesting - if cookies are collected by an attacker from users who accept cookies, the attacker can later use those harvested cookies for all other sites accepting them.
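The network and end-system risks above can be countered by marking a cookie Secure and sealing its value so the server notices alteration. The sketch below is an added example, not code from the cited paper: the key, the `role` cookie and all function names are constructed, and HttpOnly is an extra attribute not discussed above. It goes one step beyond the listed risks by showing a keyed-hash (HMAC) seal, which gives integrity only; the value is still readable, so data such as card numbers should not be stored in it.

```python
import hashlib
import hmac
from http.cookies import SimpleCookie

# Constructed demo key; a real server keeps its key secret and out of source code.
SERVER_KEY = b"constructed-demo-key"


def seal(value, key=SERVER_KEY):
    """Append an HMAC-SHA256 tag so any change to the value is detectable."""
    tag = hmac.new(key, value.encode(), hashlib.sha256).hexdigest()
    return f"{value}.{tag}"


def unseal(sealed, key=SERVER_KEY):
    """Return the original value, or None if the tag does not match."""
    value, sep, tag = sealed.rpartition(".")
    if not sep:
        return None
    expected = hmac.new(key, value.encode(), hashlib.sha256).hexdigest()
    return value if hmac.compare_digest(tag, expected) else None


def weak_cookie_header(role):
    """Plain-text cookie: sent over any channel, editable on the end system."""
    cookie = SimpleCookie()
    cookie["role"] = role
    return cookie["role"].OutputString()


def hardened_cookie_header(role):
    """Sealed value, sent only over SSL/TLS, hidden from page scripts."""
    cookie = SimpleCookie()
    cookie["role"] = seal(role)
    cookie["role"]["secure"] = True      # the 'Secure' flag described above
    cookie["role"]["httponly"] = True    # added hardening, not discussed above
    cookie["role"]["path"] = "/"
    return cookie["role"].OutputString()


def client_cookie(set_cookie_header):
    """The name=value pair a browser would send back on later requests."""
    return set_cookie_header.split(";")[0]


def read_role_unsealed(cookie_header):
    """Server that trusts whatever value arrives."""
    cookie = SimpleCookie()
    cookie.load(cookie_header)
    return cookie["role"].value if "role" in cookie else None


def read_role(cookie_header):
    """Server that accepts the value only if its seal verifies."""
    raw = read_role_unsealed(cookie_header)
    return unseal(raw) if raw is not None else None


if __name__ == "__main__":
    sent = client_cookie(hardened_cookie_header("customer"))
    print(read_role(sent))                               # customer
    print(read_role(sent.replace("customer", "admin")))  # None: seal mismatch
```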

Reference

  1. Park, J.S. and Sandhu, R. (2000), Secure cookies on the web, Internet Computing, IEEE, 36-44(4).
  2. Wikipedia (2009), HTTP cookie, Retrieved at http://en.wikipedia.org/wiki/HTTP_cookie on 24th April, 2009