Thursday, May 27, 2010

Elevator pitch 2

Hi, I'm Leo Lee, an IT infrastructure Consultant.

I’ve selected the role of IT Infrastructure Manager, as the knowledge from Workshops 5 to 8 can be directly applied to my job.

This elevator pitch covers Topics 7 to 12.

In Topic 7, Internet Security, basic concepts such as the LDAP standard, firewalls, Secure Shell and cookies are discussed. Topic 8, Concurrency and Transactions, introduces how programs handle multi-threaded processes. Topic 9, Designing Distributed Systems, covers business process modeling and architecture such as MVC, UML and the Use Case model. Topic 10 addresses bots, software agents, spiders and mobile computing. Topic 11, Case Studies, talks about the XML catalog in e-commerce. The last topic, Topic 12, System Integration, has a wider scope that includes ERP, CRM, workflow management and SOA.


Hope this gives you a quick picture. Have a nice day. Bye

The audio file was supposed to be attached here. However, I've uploaded it many times in different formats, but all attempts failed. It seems to be a bug in Blogger, because there are many reported cases but no solution. So the audio file has been sent to EASTS directly.

Tuesday, May 25, 2010

Workshop 8

Ruby on Rails Workshops Report and Evaluation

Topic objectives


Upon the completion of this workshop, developers or managers should be able to:

· Identify and evaluate the Ruby on Rails workshop series

· Think critically and analytically about what you knew before and after the experiences

· Share and post your Report and Evaluation with peers via the subject forum.


Evaluation and Report

Please answer each question in this evaluation section. In your answer, please consider content/topics presented and the technologies and teaching strategies used during the Ruby on Rails Workshops. Results will be collated and used to modify the workshop series.

This form is just a format guide to your evaluation and report. Thank you for your time to complete workshop 8.

1. List what you consider to be the three strengths of Ruby on Rails workshop series

I consider the 3 strengths to be:

  • Introducing the new Web framework Ruby on Rails, which is the star to come
  • Giving the students a structured approach to understand the RoR language
  • Allowing different roles that suit the individual environment

2. List what you consider to be the three weaknesses of Ruby on Rails workshop series:

I consider 3 weaknesses to be:

  • Many typos, difficult to follow
  • The material is about two years old, not up-to-date
  • Focuses on RoR only and does not include other popular frameworks

3. List what aspects of Ruby on Rails workshop series that you found to be most difficult.

The most difficult aspects were:

  • Quite in-depth, difficult for students who do not have programming knowledge, like me
  • The information is not correct and very difficult to follow, e.g. the syntax of commands is wrong.


4. List what improvements could be made to the Ruby on Rails workshop series:

Improvements I would make include:

  • Having an option for students who do not have programming skills
  • Linkage to the networking system, e.g. Layer 3 operation

Free response and reflective questions:


5. Reflect on your experiences with the other Web framework used in this subject: Was it effective? How can it be improved? Should other Web frameworks be used as well or instead of Ruby on Rails?

  • Although this subject is immensely difficult for me, this subject is very good to have an idea for the Web 2.0 world. This subject can be improved by:
    • Correcting the typos
    • Updating the information
    • Having the study guide opened and linked to web sites to get the latest information

6. Did the Developer’s or IT managers Team that you joined after workshop 4 have a preference towards using other tools to facilitate collaboration? Comment on the differences between these use of the sub-forum or Interact wiki tools from your experiences in this subject.

  • It looks like RoR is really a good technology, but it looks like performance and scalability are a big issue, so it's not mainstream despite the good things.

7. Further comments to add?

  • This subject is really a good experience.

Workshop 7

End of the Line: production site migration and maintenance

IT INFRASTRUCTURE MANAGER’S THREAD (BLUE team)

To Do:

What are the hosting solutions?

Will our Rails applications run on a cloud computing service in future?

Can we make a deployment and maintenance plan by team consensus?

Build upon the Blue team wiki inside Interact, from Workshop 6 by beginning a new page to add your ideas for policy planning and documentation about production site deployment and maintenance solutions.

Administration, scaling, reliability and integration with existing and future services are issues.

Consider all the business options of both in-house deployment and outsourcing as shown by hosting sites like http://www.engineyard.com/


In-House Development vs. Outsourcing

There are many hosting solutions available in the market, each with different characteristics and benefits. But before choosing the platform, a more important business decision should be made: whether the web hosting should be built in-house or outsourced. This consideration is not new, especially in years of slow economic growth where cost is a critical factor. Moreover, the emergence of utility computing (pay per usage) and cloud computing technology makes this decision take even more precedence over the choice of hosting solution.

To decide between in-house and outsourcing, the pros and cons have to be evaluated. According to a Forrester Research report, financial saving is a big proponent: the 'IT shops that outsource infrastructure management and application services can expect to save 12% to 17% annually on average, which means U.S. companies are sitting on about $10 billion in potential savings'. (Networkworld, 2010). In other research by PricewaterhouseCoopers, 40% of outsourcing companies said they want to improve customer relationships. Another 37% use outsourcing to develop new products or services, and about one-third want to expand to other locations. Set against the monetary saving, data security or confidentiality is the major reason for refraining from outsourcing, especially for financial institutions and government bureaus.


Networkworld.com. (2007). Outsourcing vs. keeping it in-house. Retrieved on 25 May 2010 from http://www.networkworld.com/news/2007/102607-arguments-outsourcing-inhouse.html?nwwpkg=50arguments&ap1=rcb


According to the executive white paper from Verizon, there are ten benefits of outsourcing. (Verizon, 2004).

  1. More profitable use of valuable in-house IT talent
  2. Reduced IT overhead
  3. Reduced capital expense
  4. Improved IT performance and reliability
  5. A technology edge over competitors
  6. Access to different skills and technology as needed
  7. Accelerated development and time-to-market cycles
  8. Reduced risk of unscheduled downtime
  9. Smoother, less costly technology migration
  10. Business contingency and continuity capabilities

Verizon. (2004). The IT Outsourcing Dilemma. Retrieved on 25 May 2010 from www22.verizon.com/it/files/outsourcing_dilemma_wp.pdf


Coming back to the taxi company, security is not the major concern because the database consists mainly of passengers' location information instead of financial transactions (not all customers will pay by credit card). All the 10 benefits above are directly applicable. Therefore, the final decision is to maintain a small in-house team for new technologies and feature development, to stay ahead of competitors and improve customer experience. Other operations like the physical hosting of servers and networks, backup, etc. would be outsourced.

Choosing a Web hosting solution

From workshop 6, we have found that Ruby/RoR and Python are the best choices for building a Web 2.0 startup, and we have decided that Ruby on Rails is the right choice for the Taxi online system.

Engine Yard is 'a Rails Application Cloud for web developers and web teams running on top of cloud computing infrastructure. It provides easy-to-use, automated Rails application deployment and management, with a design philosophy that allows easy migration of your existing applications.' (Engine Yard, 2010). The features vs. our requirements are listed below:

| Requirements | Features | Benefits |
|---|---|---|
| Administration | Monitoring & Alerting | Engine Yard Cloud tracks all the essential resource utilization for your application and alerts you when you need additional capacity, or when your latest application push is behaving poorly. Storage, CPU and memory utilization levels are all tracked for conformance to pre-configured thresholds, and email alerts provide timely warnings. |
| Administration | Self-Service Provisioning | Use the Engine Yard Cloud user interface to add and subtract instances on demand. Our Cloud dashboard makes it easy to see the status of your application, and to add and remove capacity or deploy new application versions. |
| Scaling | Managed Application Runtime | Engine Yard Cloud provides you with a pre-integrated, pre-tested Ruby on Rails technology stack, including web, application and database servers, built-in monitoring and process management, a Rails-optimized linux distribution, in-memory caches and more. All components are monitored for security vulnerabilities and updated continuously as vulnerabilities are discovered and patched. |
| Scaling | Seamless Application Capacity Management | Configuring new applications capacity used to be a multi-hour task—now it’s a single click. With Engine Yard Cloud, capacity management is always application aware. Add an additional instance to your application tier, and that instance will automatically deploy with the correct application configuration and join your load-balanced group. |
| Scaling | Auto Deploy-From-Source | Engine Yard provides seamless integration with source code management. Simply add a special comment to your source code check-in and you can have it automatically deploy to a staging or test environment. Now your whole team can always see the current application version. |
| Scaling | Application Templates | One of the essential concepts of an Application Cloud is that all the information required to reproduce application capacity is stored in a configuration management system. With Engine Yard Cloud, you can easily manage application configurations with our application templates, which encapsulate source code, Ruby gems, linux packages and other essential details. |
| Scaling | Extensible Configurations | If you need to use a component or package that Engine Yard does not install or configure by default, you can write a configuration recipe to extend our configuration management system. A configuration recipe is a simple Ruby-based domain specific language that allows you to specify installation and configuration steps for any package you need to install. |
| Reliability | Replicated Database Tier | As your application scales, so should your database. With Engine Yard Cloud, adding a database read replica is as simple as clicking on a button. Scale out by adding more replicas, which can be used to perform complex analytics, backups and maintain high availability without sacrificing on application performance. |
| Reliability | URL Availability Monitoring | Serious production applications require all services to be available at all times. Engine Yard Cloud monitors all your essential services, including configurable application URLs, and alerts you when there is any unexpected downtime. |
| Integration | Utility Tier | Most serious web applications require specialized components outside of the application and database tier. With Engine Yard Cloud, you can easily create a utility instance tier and associate configuration recipes to it. Simply add new servers to do repeatable deploys of custom applications or to offload complex processing to dedicated servers. |

Workshop 6

Enjoying the Ride: Web framework alternatives, scalability and flexibility

Topic objectives

Upon the completion of this workshop, developers or managers should be able to:

· Discuss and analyse the latest Web framework technologies based upon experiences so far with Ruby on Rails

· Identify and evaluate challenges and opportunities concerning the use of the latest Web 2.0 technologies and to ‘benchmark’ (compare) other alternatives;

· Discuss and evaluate current Ruby on Rails framework and the alternative emerging technologies.

· Evaluate and devise scalability, flexibility, capacity planning and performance testing strategies for conducting e-commerce.

· Deploy Web 2.0 or later technology in their business environments such as the ideas and methods of the ‘RailsSpace’ approach to the OTBS

· Think critically and analytically when exposed to new technologies.

· Share your findings with your peers and examine what the other team is doing.

IT INFRASTRUCTURE MANAGER’S THREAD (BLUE team)

To Do:

Are we certain that Ruby on Rails is the right platform for Web development?

Your findings should answer that question using the Blue team wiki inside Interact.

Blue team IT managers need to write a team report on the wiki about the alternative frameworks, focusing on issues of scalability, flexibility. In addition a plan for capacity planning, performance testing, site maintenance and future development of the OTBS is presented. Chapter 17 of Hartl et al (2008) is a good place to start. The structure and content and comments made in the wiki report is up to you and your team members.

[This is open to include current alternative frameworks offered by Google Apps, JQUERY, Django, Adobe as well as Java and .NET frameworks that can be included. Your research may also expand the scope to include content management systems.]


Web 2.0 is no longer a static Web page that shows something; Web 2.0 websites are more interactive, both receiving information from viewers and providing it. According to Tim O'Reilly, Web 2.0 'can build on the interactive facilities of "Web 1.0" to provide "Network as platform" computing, allowing users to run software-applications entirely through a browser. Users can own the data on a Web 2.0 site and exercise control over that data. These sites may have an "Architecture of participation" that encourages users to add value to the application as they use it.' (O'Reilly, 2005)

O'Reilly, T. (2005). What Is Web 2.0. Retrieved on 24 May 2010 from http://oreilly.com/web2/archive/what-is-web-20.html

Ruby on Rails is a web development framework that enables Web 2.0 websites to be easily constructed. The major features can be summarized as below. (LinuxJournal.com, 2008)

  • MVC architecture: Ruby on Rails is based on the MVC (Model View Controller) architecture that enables the data to be separated from presentation.
  • Database Access Library: Ruby on Rails includes a database access library - Active Record - that simplifies data handling in databases. Active Record automatically maps tables to classes and rows to objects.
  • Libraries for common tasks: Ruby on Rails includes a host of libraries that simplify the coding of common programming tasks such as form validations, sessions management, etc.
  • AJAX Library: An extensive library of AJAX functions is provided in the Rails framework. Ruby code can be used to generate AJAX code. The associated JavaScript required for AJAX gets generated automatically.
  • Convention over configuration: Ruby on Rails does not have any XML configuration files. It includes simple programming conventions that can be used to specify the configuration parameters.
  • Customized URL: Custom or Search Engine Friendly URLs can be developed using the Ruby on Rails framework.
  • Debugging: Detailed error logs are provided, making it easier to debug applications.
  • Components: Components can be used to store reusable code. Components can be included to modularize templates.

LinuxJournal.com. (2008). Ruby on Rails Features. Retrieved on 24 May 2010 from http://www.linuxjournal.com/content/ruby-rails-features-railsonrubycom


Besides RoR, there are many Web development platforms on the market, e.g. PHP, Java, .NET, Google Apps and many more. All these frameworks are adopted by different camps, and the proponents of each support their favorite from their own point of view. There is no 'absolute' objective comparison because the features and operating environments can be vastly different.

A 'qualitative' comparison by Tim Bray, the Director of Web Technologies of Sun Microsystems, was done by comparing the different intrinsics. The intrinsics cover the issues below:

| Intrinsics | Issues |
|---|---|
| Scaling | Load Balancing, CPU, Observability, File I/O, Sharing-nothing, DBMS |
| Developer Speed | Compilation Step, Code Size, Development Step, Configuration Process |
| Development Tools | IDE, Templating, How many tools? O/R Mapping, Performance, Documentation |
| Maintainability | MVC, Language count, Object Orientation, Code Size, Readability |


After consideration of the factors, below is the comparison.




From this comparison, RoR is good at Development Speed and Maintainability, but not at Scaling or the richness of Developer Tools.



Bray, T. (2008). Issues in Web Frameworks. Retrieved on 24 May 2010 from http://www.tbray.org/talks/php.de.pdf


Another comparison was done by Sergii Gorpynich, the CTO of Cogniance, who leads the Cogniance engineering team; five web frameworks are compared: (Gorpynich, 2010)

Web Framework Technologies

  • J2EE/EJB3
  • J2EE/Spring-Hibernate
  • Ruby/RoR
  • LAMP/Python
  • LAMP/PHP
  • .NET


The comparison is based on the factors below.

Speed of development - this parameter defines how quickly, easily and with what level of quality you can implement typical features of your web solution - such as user registration and profile management forms, RSS and podcast feeds, browser-based logic etc.

Performance - this defines the degree of scalability and responsiveness of your solution.

Level of adoption by the industry - this factor defines how much of an industry standard given technology is. When defining this criterion, things such as number of well-known web products built on this technology, size of the supporting community, availability of documentation and other learning materials should be taken into consideration.

Learning curve - a level of effort and time required for the project team to develop expertise with this technology. The less known the technology is, the higher the learning risk would be.

Cost of ownership - this variable defines total cost of ownership and includes initial acquisition costs, operating and maintenance costs, and (possibly) switching costs.



By summing the total points, the final result is:



The conclusion here is:


Cumulative data across all requirements suggests that currently Ruby/RoR and Python are the best choices for building Web 2.0 startup, with PHP and Java being good alternatives. .Net is significantly behind its competitors and can hardly be a recommendation.




Gorpynich, S. (2010). Web 2.0 startups. Choice of server-side. Retrieved on 24 May 2010 from http://www.cogniance.com/expertise/white_papers/web2.0-technology-choice


Final Verdict:


Ruby on Rails is the right platform for Web Development.

Sunday, May 23, 2010

Workshop 5

Workshop 5 - IT INFRASTRUCTURE MANAGER’S THREAD

To Do:

Part A: Survey of mobile device capability and Web 2.0 tools

  1. Find out and recommend what type of mobile devices are suitable for:

    1. Just the SMS message service;

    2. The full user experience via SMS, GPS Taxi tracking and Google Maps


A mobile device (also known as cellphone device, handheld device, handheld computer, "Palmtop" or simply handheld) is a pocket-sized computing device, typically having a display screen with touch input or a miniature keyboard. (Wiki, 2010). Most people nowadays possess at least one mobile device, and the mobile phone (also called hand phone or cell phone) is certainly the most common one. To receive SMS messages, an ordinary mobile phone is sufficient. To have the full user experience via SMS, GPS Taxi tracking and Google Maps, a smartphone is required.

A smartphone is a mobile phone with much more processing power and memory, running a more sophisticated operating system (OS). Based on a survey by ComScore, in 2010 smartphone use was growing quickly: over 45.5 million people in the United States owned smartphones, and the number continues to grow rapidly within a subscriber market of 234 million users. (Gonsalves, 2010)

The basic requirement for SMS and Google Maps is that the smartphone be web-enabled, while GPS needs additional hardware to pick up the GPS signal. All the new smartphone operating systems support web operation, and the 2010 Q1 market share is listed below. (Gartner, 2010)




Some of the latest smartphones with WiFi and GPS are listed below. (May 2010)


| Brand | Model | OS | Band |
|---|---|---|---|
| Nokia | 5800 XpressMusic | Symbian OS9.3 | Quad + 3.5G |
| Nokia | C5 | Symbian OS9.3 | Quad + 3.75G+ |
| Nokia | E52 | Symbian OS9.3 | Quad + 3.75G+ |
| Nokia | N97 | Symbian OS9.4 | Quad + 3.5G |
| Samsung | Anycall i8910HD | Symbian OS9.4 | Quad + 3.75G+ |
| SonyEricsson | Satio | Symbian OS9.4 | Quad + 3.75G+ |
| HTC | Desire | Android 2.1 Eclair | Quad + 3.75G+ |
| HTC | Legend | Android 2.1 Eclair | Quad + 3.75G+ |
| Motorola | Milestone XT701 | Android 2.1 Eclair | Quad + 3.75G+ |
| Garmin-Asus | M10 | Windows Mobile 6.5.3 Professional | Quad + 3.75G+ |
| HTC | HD2 | Windows Mobile 6.5 Professional | Quad + 3.75G+ |
| Samsung | Anycall Omnia Pro B7330 | Windows Mobile 6.5 Professional | Quad + 3.75G+ |
| Blackberry | Bold 9700 | Device Software 5.0 | Quad + 3G |
| Apple iPhone | 3GS 32GB | iPhone OS 3.1.3 | Quad + 3.5G |



2. Describe any new hardware, networking, software, systems, procedures and personnel that would be needed by the taxi company Website to support this stage 2 development.

The taxi company can locate its taxis with the Google Latitude app. What the taxi company needs to do is attach a link to iGoogle and register all the taxis' GPS devices (mobile phones). Google Maps can then show the registered taxis on the map.

No additional hardware, networking or systems are needed for Google Latitude, but an SMS gateway should be added that connects to the taxi company's server and sends the link to a specific taxi's location on Google Latitude. For procedures and personnel, there are no additional requirements either.

Part B: The enhanced customer experience through Web 2.0 technology

  1. Use a table to describe how the customer experience is improved by:

    1. Horizontal scalability (eg ordering a taxi by mobile phone call or SMS, mobile Internet, desktop or laptop computer)

    2. Service oriented features (eg SMS updates using location data, knowing the driver’s name before the ride and being greeted by your name etc)

    3. Other customer services enabled by Web 2.0 (eg reputation system)






Improve customer experience by / Examples

  • Horizontal scalability: Order a taxi by mobile phone call, mobile Internet, desktop or laptop computer, then reply with an SMS to confirm reception.

  • Service oriented features: An SMS message should be sent to the client with the information below:
    • The current location of the taxi
    • Estimated time to arrive
    • Link to Google Maps showing the distance and projected path
    • Name of the taxi driver and license no. of the taxi

  • Other customer services: Additional services should be considered:
    • (1) For security
      • When a lady takes a taxi at midnight, she can ask for an SMS with the trip information to be sent to her husband or a friend
      • A camera at the back of the seat, pointed at the driver and the road ahead, to make sure the taxi is driven in a correct manner
    • (2) 'Frequent Rider' program
      • The client can choose to join the program by registering on the web; an SMS is then sent after each trip informing the client of the points accumulated. When a certain number of points is reached, a discount is given to encourage the client to use this taxi company again.
      • In alignment with a telecom operator, give free news or weather information when a certain number of points is reached
    • (3) Voucher program
      • By pre-paying a certain amount of money, the client doesn't need to pay every time and can have a discount on each ride.

Part C: Online Taxi Business Process Modelling

Apart from the business basics of offering a clean car, safe driving, being on time, consider the business processes involved and construct a Simple Online Taxi business process model using any suitable drawing tool.


The following description is a helpful guide, but don’t be restricted from including your own ideas to extend or limit the business process model:


  1. BEFORE the RIDE

    1. The business process will begin with ordering the cab by telephone, SMS, or online and getting customer recognition if the customer has made a booking previously.

    2. During registration, the company would collect data for good customer relations and the electronic payment method. All data collected has to also achieve a quick ordering process and be used ethically and securely.

    3. SMS reminders, and updates via SMS, GPS and Google maps provide location-based information to re-assure that the taxi is on the way and on time for the booking.

  2. DURING the RIDE

    1. When the taxi arrives, the driver greets the customer by name and helps them with their luggage and then opens the car door.

    2. The taxi driver would initiate a conversation and continue with it if they are interested or show interest if they started talking first.

  3. END of the RIDE

    1. At the end of the ride there is no delay for making a payment so the taxi driver would help the customer get out of the car and would have their luggage ready waiting for them and say goodbye.

    2. The business process concludes when the company uses the taxi vehicle’s GPS location data again to send a final friendly thank you, suggests feedback via SMS and offers a goodbye message.











References

Gartner. (2010). Gartner Says Worldwide Mobile Phone Sales Grew 17 Per Cent in First Quarter 2010. Retrieved on 22 May 2010 from http://www.gartner.com/it/page.jsp?id=1372013


Wiki. (2010). Graph showing smartphone marketshare for 2010. Retrieved on 22 May 2010 from http://upload.wikimedia.org/wikipedia/en/3/3e/Smartphone_share_2009_full.png

Wiki. (2010). Smartphone. Retrieved on 22 May 2010 from http://en.wikipedia.org/wiki/Smartphone


Wednesday, May 19, 2010

Exercise 16

1. The area no. 2, Business process analysis, is selected.

In a business organization, monitoring and management of the business processes to attain profitability is an essential task. E.g. measuring the revenue versus target, building up customer relationship via e-communication.


Various software packages for business process analysis are available, e.g. CRM, workflow management, and new Web 2.0 tools like Salesforce.com. One that has been around for a while and is very popular is called Enterprise resource planning (ERP). It is an 'integrated computer-based system used to manage internal and external resources including tangible assets, financial resources, materials, and human resources. Built on a centralized database, it is a software architecture to facilitate the flow of information between all business functions inside and outside the boundaries of the organization like supplier and customers.'


ERP originated from manufacturing resource planning (MRP), and typically handled the manufacturing, logistics, distribution, inventory, shipping, invoicing and accounting processes for a company. Today, ERP has extended across almost all business processes and activities, such as sales, marketing and human resources management.


The new generation of ERP is called ERPII. It largely utilizes the web interface and allows both employees and external resources (such as suppliers and customers) real-time access to the system's data.


Apart from traditional ERP vendors like SAP, open ERP resources are readily available now, e.g. OpenBravo.com for SMB; xTuple PostBooks, an integrated ERP, CRM and accounting system; and OpenERP, which integrates accounting, HR, sales, CRM, purchase, stock, production, services management, project management and marketing campaigns. (Gaea, 2009)


References

Enterprise resource planning. (2010). Retrieved on 19 May 2010 from http://en.wikipedia.org/wiki/Enterprise_resource_planning#History

Gaea, P. (2009). 10 Best Open Source ERP Software. Retrieved on 19 May 2010 from http://blog.taragana.com/index.php/archive/10-best-open-source-erp-software/

Saturday, May 15, 2010

Exercise 15

1. What is meant by a location based service? Explain using the Web applications found on a late model mobile device.

According to the Wiki, a location-based service (LBS) is an information and entertainment service, accessible with mobile devices through the mobile network and utilizing the ability to make use of the geographical position of the mobile device.

LBS services can be used in a variety of contexts, such as health, work, personal life, etc. LBS services include services to identify a location of a person or object, such as discovering the nearest banking cash machine or the whereabouts of a friend or employee. LBS services include parcel tracking and vehicle tracking services.

LBS can include mobile commerce when taking the form of coupons or advertising directed at customers based on their current location. They include personalized weather services and even location-based games. They are an example of telecommunication convergence.


2. Describe the purpose of the Open Mobile Alliance Initiative?

According to the home page of the OMA:

"The mission of the Open Mobile Alliance is to facilitate global user adoption of mobile data services by specifying market driven mobile service enablers that ensure service interoperability across devices, geographies, service providers, operators, and networks while allowing businesses to compete through innovation and differentiation."



3. What are the main components of a mobile Web services framework?

In a mobile Web service environment, the limited resources and the lack of bandwidth in the communication network make it different from a Web service on a regular-size computer. On mobile devices, synchronous Web services are not feasible, because they make the user wait while each Web service processes requests and returns results. Mobile Web service networks instead use asynchronous Web services, whose invocation solves this performance issue and enhances the end user experience by increasing server efficiency. There are three types of processes and components involved in Web services.

The first is the discovery process, which is done through UDDI. When one party (requester) contacts another (provider) to obtain services, the requester must locate an appropriate provider. This process is known as discovery. Different mechanisms can be used in the process, such as finding services listed on a web site, searching a directory or locating the provider through a framework that supports discovery.

The next process is description. When a provider has been located, the requester needs to learn the rules related to contacting the provider (e.g., which protocols to use, how to structure messages, and which security and other policies to observe).

A document which contains a description of web services is called WSDL (Web Services Description Language).

The third process is to communicate with the provider by sending (and possibly receiving) messages. The communication usually takes place using the SOAP protocol together with underlying protocols such as HTTP. The definition of how an underlying protocol is to be used with SOAP is called a SOAP binding. It is required in order to achieve interoperability between SOAP messages and their underlying protocol.
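The three processes above can be walked through in code. The following is an added example, not part of the original exercise or of any vendor's API: the flight-status service, its `urn:example:flightstatus` namespace, the endpoint URL and the in-memory dictionary standing in for a UDDI registry are all constructed for illustration, and the HTTPS-only endpoint rule is an assumed requester policy. XML from the registry and the provider is treated as untrusted, and the DTD check follows the SOAP 1.1 rule that a message must not contain a document type declaration.

```python
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"   # SOAP 1.1 envelope
NS = {"w": "http://schemas.xmlsoap.org/wsdl/",          # WSDL 1.1
      "s": "http://schemas.xmlsoap.org/wsdl/soap/"}     # WSDL 1.1 SOAP binding

# Constructed WSDL fragment for a hypothetical flight-status service.
SAMPLE_WSDL = """<definitions xmlns="http://schemas.xmlsoap.org/wsdl/"
    xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
    xmlns:tns="urn:example:flightstatus" targetNamespace="urn:example:flightstatus">
  <binding name="FlightStatusBinding" type="tns:FlightStatusPort">
    <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
    <operation name="GetFlightStatus">
      <soap:operation soapAction="urn:example:flightstatus#GetFlightStatus"/>
    </operation>
  </binding>
  <service name="FlightStatusService">
    <port name="FlightStatusPort" binding="tns:FlightStatusBinding">
      <soap:address location="https://ws.example.invalid/flightstatus"/>
    </port>
  </service>
</definitions>"""

# Stand-in for a UDDI registry: service name -> published WSDL (constructed).
REGISTRY = {"FlightStatusService": SAMPLE_WSDL}

# Constructed provider reply to the request built by build_request().
SAMPLE_RESPONSE = b"""<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body>
    <GetFlightStatusResponse xmlns="urn:example:flightstatus">
      <flightNumber>CX100</flightNumber><status>On time</status>
    </GetFlightStatusResponse>
  </soap:Body>
</soap:Envelope>"""


def safe_parse(data: bytes) -> ET.Element:
    """Parse untrusted UTF-8 XML; SOAP 1.1 forbids a DTD, so reject one."""
    if b"<!DOCTYPE" in data:
        raise ValueError("DTD not allowed in SOAP/WSDL input")
    return ET.fromstring(data)


def discover(registry: dict, keyword: str) -> str:
    """Discovery: locate a provider's published description by keyword."""
    for name, wsdl in registry.items():
        if keyword.lower() in name.lower():
            return wsdl
    raise LookupError(f"no service matching {keyword!r}")


def describe(wsdl_text: str, operation: str) -> dict:
    """Description: read endpoint, transport and SOAPAction from the WSDL."""
    root = safe_parse(wsdl_text.encode("utf-8"))
    op = next((o for o in root.iterfind("w:binding/w:operation", NS)
               if o.get("name") == operation), None)
    soap_op = op.find("s:operation", NS) if op is not None else None
    binding = root.find("w:binding/s:binding", NS)
    address = root.find("w:service/w:port/s:address", NS)
    if soap_op is None or binding is None or address is None:
        raise LookupError(f"operation {operation!r} not fully described")
    endpoint = address.get("location", "")
    if not endpoint.startswith("https://"):   # assumed policy: TLS-only endpoints
        raise ValueError("refusing non-HTTPS endpoint from WSDL")
    return {"endpoint": endpoint, "transport": binding.get("transport"),
            "soap_action": soap_op.get("soapAction"),
            "namespace": root.get("targetNamespace")}


def build_request(desc: dict, operation: str, params: dict):
    """Communication: SOAP envelope plus the HTTP binding headers.

    The envelope is built with an XML API, not string concatenation, so
    user-supplied parameter values are escaped and cannot inject markup.
    """
    env = ET.Element(f"{{{SOAP_NS}}}Envelope")
    body = ET.SubElement(env, f"{{{SOAP_NS}}}Body")
    call = ET.SubElement(body, f"{{{desc['namespace']}}}{operation}")
    for key, value in params.items():
        ET.SubElement(call, f"{{{desc['namespace']}}}{key}").text = str(value)
    payload = ET.tostring(env, encoding="utf-8", xml_declaration=True)
    headers = {"Content-Type": "text/xml; charset=utf-8",
               "SOAPAction": f'"{desc["soap_action"]}"'}
    return desc["endpoint"], headers, payload


def parse_response(data: bytes) -> dict:
    """Validate the reply envelope, surface a SOAP Fault, return result fields."""
    env = safe_parse(data)
    body = env.find(f"{{{SOAP_NS}}}Body")
    if env.tag != f"{{{SOAP_NS}}}Envelope" or body is None or len(body) == 0:
        raise ValueError("not a SOAP 1.1 envelope with a body")
    fault = body.find(f"{{{SOAP_NS}}}Fault")
    if fault is not None:
        raise RuntimeError(fault.findtext("faultstring", default="SOAP fault"))
    return {child.tag.split("}")[-1]: child.text for child in body[0]}


if __name__ == "__main__":
    desc = describe(discover(REGISTRY, "flight"), "GetFlightStatus")
    url, headers, payload = build_request(desc, "GetFlightStatus",
                                          {"flightNumber": "CX100"})
    print(url, headers, payload.decode(), parse_response(SAMPLE_RESPONSE), sep="\n")
```

No network call is made; the request tuple is what a requester would hand to its HTTP client, and the response is parsed from the constructed sample.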


4. Visit an airline Web site and search for information on WAP or SMS or 3G mobile application access to booking airline services. The same services exist in banding. How do both industries compare?

I’ve visited Cathay Pacific Airways and Bank of America (BoA). Cathay Pacific introduced its WAP service in 2000 and was the first airline to introduce this service in Asia. BoA introduced the service in 2007. The mobile features and requirements are listed below.

Main features

Cathay:
  • Check-in
  • News & Offers
  • Flight Schedules
  • Flight Status
  • View Latest Flight Bookings
  • The Marco Polo Club Account
  • Airport Information
  • City Guides
  • (Only on CX Mobile Application)
  • Subscribe to notiFLY
  • Subscribe to CXpecials
  • Local Contacts

BoA:
  • Custom design unique to your phone's features
  • ATM and banking center locator, using geo-locator: find the nearest location without entering your address or zip code
  • On-the-go management of your accounts to check balances, transfer funds and pay bills

Supported mobile devices

Cathay:
  • iPhone
  • Blackberry
  • Java-enabled mobile phones such as Nokia, Sony Ericsson, Motorola, Samsung, etc.

BoA:
  • iPhone
  • Blackberry
  • Android

Target users

Cathay:
  • Frequent Traveler (Quick access to information and booking of flights)

BoA:
  • General banking customers (Quickly locate the ATM machine)
  • Funds investor (Quick access to funds information and management)

Benefits to users

Cathay:
  • Quick access to the required information, with no need to spend time getting to a place or waiting in a queue

BoA:
  • Quick access to the required information, with no need to spend time getting to a place or waiting in a queue

Benefits to the company

Cathay:
  • Increase business volume without increasing number of shops

BoA:
  • Increase business volume without increasing number of shops

Can mobile service replace all physical shops?

Cathay:
  • No
  • It can support most of the transactions (e.g. flight booking, check-in), but some tasks still need to be done at a physical location (e.g. checking in luggage).

BoA:
  • No
  • It can support most of the transactions (e.g. bill payments, fund transfers), but some tasks still need to be done at a physical location (e.g. withdrawing cash, banking in cheques at an ATM).


References

Bank of America. (2010). Mobile Application. Retrieved on 15 May 2010 from http://www.bankofamerica.com/onlinebanking/index.cfm?template=mob_applications

Cathay Pacific. (2010). CX Mobile. Retrieved on 15 May 2010 from http://www.cathaypacific.com/cpa/en_INTL/manageyourtrip/cxmobile

OMA. (2010). Home Page. Retrieved on 14 May 2010 from http://www.openmobilealliance.org/default.aspx

Wiki. (2010). Location-based Service. Retrieved on 14 May 2010 from http://en.wikipedia.org/wiki/Location-based_service

Friday, May 14, 2010

Exercise 14

1. What is a spider? What does it do?

According to Whatis.com, a spider is a program that visits Web sites and reads their pages and other information in order to create entries for a search engine index. The major search engines on the Web all have such a program, which is also known as a "crawler" or a "bot." Spiders are typically programmed to visit sites that have been submitted by their owners as new or updated. Entire sites or specific pages can be selectively visited and indexed. Spiders are called spiders because they usually visit many sites in parallel at the same time, their "legs" spanning a large area of the "web." Spiders can crawl through a site's pages in several ways. One way is to follow all the hypertext links in each page until all the pages have been read.


2. Differentiate the various types of software agents.

Haag (2006) suggests that there are only four essential types of intelligent software agents:
• Buyer agents or shopping bots
• User or personal agents
• Monitoring-and-surveillance agents
• Data Mining agents

3. Identify various activities in e-commerce where software agents are currently in use.

Buyer agents (shopping bots) - Buyer agents travel around a network (i.e. the internet) retrieving information about goods and services. These agents, also known as 'shopping bots', work very efficiently for commodity products such as CDs, books, electronic components, and other one-size-fits-all products. Amazon.com is a good example of a shopping bot. The website will offer you a list of books that you might like to buy on the basis of what you're buying now and what you have bought in the past.

User agents, or personal agents - Intelligent agents that take action on your behalf. In this category belong those intelligent agents that already perform, or will shortly perform, the following tasks:

• Check your e-mail, sort it according to the user's order of preference, and alert you when important emails arrive.
• Play computer games as your opponent or patrol game areas for you.
• Assemble customized news reports for you. There are several versions of these, including newshub and CNN.
• Find information for you on the subject of your choice.
• Fill out forms on the Web automatically for you, storing your information for future reference
• Scan Web pages looking for and highlighting text that constitutes the "important" part of the information there
• "Discuss" topics with you ranging from your deepest fears to sports
• Facilitate with online job search duties by scanning known job boards and sending the resume to opportunities who meet the desired criteria
• Profile synchronization across heterogeneous social networks

Monitoring-and-surveillance (predictive) agents - They are used to observe and report on equipment, usually computer systems. The agents may keep track of company inventory levels, observe competitors' prices and relay them back to the company, watch stock manipulation by insider trading and rumors, etc.

Data mining agents - This agent uses information technology to find trends and patterns in an abundance of information from many different sources. The user can sort through this information in order to find whatever information they are seeking.

4. Computing ethics and bot programming case study: rocky

    a. Get an account username and password from the lecturer to LC_MOO at http://ispg.csu.edu.au:7680 and log in to the Welcome Lobby.

    I logged in with the user account 'user19'; below is the screenshot of the Welcome Lobby.




    Figure 11: LC_MOO screen layout with the Rocky bot object.


    b. Hold a 5-minute discussion with Rocky on a special topic. Commands and chat are entered in the command box (bottom-left of the screen in Figure 11): act rocky (start bot), hush rocky (stop bot).

    c. Rocky is an ELIZA-like bot. Report your findings.
    Rocky is an ELIZA-like bot. Rocky gives the response that corresponds to a pre-defined instruction. You can also create an instruction with an LC_MOO command.



    I typed in the LC_MOO command and the bot showed 'I don't understand that'. I also typed in many words, and all got the same response. My conclusion is that it is rubbish: no intelligence, just a junk program with a poor interface that is only able to answer some pre-defined questions.



References

Haag, S. (2006). Management Information Systems for the Information Age, pp. 224-228.

Wiki. (2010). Software agent. Retrieved on 14 May 2010 from http://en.wikipedia.org/wiki/Software_agent

Whatis.com. (2008). Spiders. Retrieved on 14 May 2010 from http://whatis.techtarget.com/definition/0,,sid9_gci213035,00.html

Exercise 13

1. Develop the class diagram for the following shopping cart specifications:

A shoppingCart object is associated with only one creditCard and customer and to items in itemToBuy object. Persistent customer information such as name, billing address, delivery address, e-mail address and credit rating is stored in the customer object. The credit card object is associated with a frequentShopper discount object, if the credit rating for the customer is good. The customer can make or cancel orders as well as add and delete items to the shopping cart product. The credit card object contains the secure method for checking that the charge is authentic.

Exercise 12

1. Examine the Use Case in Figure 4 and explain the MVC architecture of the online bookstore (the model the view and controllers) needed to Lookup Books and Add to Shopping Cart.



Figure 4: Use case diagram for a customer using a shopping cart at an online bookstore.

According to the Wiki, the MVC functions are summarized below:
The model is used to manage information and notify observers when that information changes. The model is the domain-specific representation of the data upon which the application operates. Domain logic adds meaning to raw data (for example, calculating whether today is the user's birthday, or the totals, taxes, and shipping charges for shopping cart items). When a model changes its state, it notifies its associated views so they can be refreshed. Many applications use a persistent storage mechanism such as a database to store data.

The view renders the model into a form suitable for interaction, typically a user interface element. Multiple views can exist for a single model for different purposes. A viewport typically has a one to one correspondence with a display surface and knows how to render to it.

The controller receives input and initiates a response by making calls on model objects. A controller accepts input from the user and instructs the model and viewport to perform actions based on that input.
Comparing MVC to the Use Case, the MVC representations are as follows.

Lookup Books (104)
Model - Lookup Books (Database)
View - Result of the book searched
Controller - Input of book information to be searched

Add to Shopping Cart (105)
Model - Add to Shopping Cart (Database)
View - Result of the books selected to add in Cart
Controller - Input of book information to be added to Cart

Wiki. (2010). Model-View-Controller. Retrieved on 14 May 2010 from http://en.wikipedia.org/wiki/Model%E2%80%93view%E2%80%93controller

Wednesday, May 12, 2010

Exercise 11

1. Give a description in your own words of the ACID properties of a transaction.
A transaction is a single logical operation on data. ACID (atomicity, consistency, isolation, durability) is the set of properties used to ensure that database transactions are reliable.

References

Wiki. (2010). ACID. Retrieved on 13 May 2010 from http://en.wikipedia.org/wiki/ACID


2. Describe a TP monitor environment. How can a TP monitor stop an operating system being overwhelmed?
A TP monitor (TeleProcessing monitor or Transaction Processing monitor) is a control program that monitors and manages the transfer of data between multiple local and remote terminals and the application programs that serve them. It may also include programs that format the terminal screens and validate the data entered.

In a distributed client/server environment, a TP monitor provides integrity by ensuring that transactions do not get lost or damaged. It may be placed in a separate machine and used to balance the load between clients and various application servers and database servers. It is also used to create a high availability system by switching a failed transaction to another machine. A TP monitor guarantees that all databases are updated from a single transaction.

References

The Free Online Dictionary. (2010). TP Monitor. Retrieved on 13 May 2010 from http://encyclopedia2.thefreedictionary.com/TP+monitor

Exercise 10

1. Find definitions for eight terms and concepts used in threaded programming:
1. Thread Synchronization
2. Locks
3. Deadlock
4. Semaphores
5. Mutex (mutual exclusion)
6. Thread
7. Event
8. Waitable timer.

1. Thread Synchronization - The ability to synchronize the activities of various threads. A thread synchronizes itself with another thread by putting itself to sleep. Before doing so, the thread notifies the operating system as to what event has to occur in order for the thread to resume execution.

IBM. (2004). T. Retrieved on 12 May 2010 from http://mail.serc.iisc.ernet.in/ComputingFacilities/systems/cluster/vac-7.0/html/glossary/czgt.htm

2. Locks – A lock is a special value that can be held by at most one thread.

University of Wisconsin. (n.d.) Locks, Semaphores and Monitors Lock Granularity and Access Deadlock. Retrieved on 13 May 2010 from
http://pages.cs.wisc.edu/~fischer/cs538.s07/lectures/Lecture37.4up.pdf

3. Deadlock - Two or more threads hold locks that other threads require. Each waits for the other thread to release a needed lock, and no thread is able to execute.

4. Semaphores – A semaphore is a signal to acquire or release a lock. It is usually an integer value (often just a single bit) with two atomic operations: up and down.

5. Mutex (mutual exclusion) - Mutual exclusion (often abbreviated to mutex) algorithms are used in concurrent programming to avoid the simultaneous use of a common resource.

6. Thread – A mechanism of executing concurrent operation, a thread of execution results from a fork of a computer program into two or more concurrently running tasks.

7. Event - Event-driven programming or event-based programming is a programming paradigm in which the flow of the program is determined by events, i.e., sensor outputs or user actions (mouse clicks, key presses) or messages from other programs or threads.

Wiki. (2010). Event-driven programming. Retrieved on 13 May, 2010 from
http://en.wikipedia.org/wiki/Event-driven_programming

8. Waitable timer – A waitable timer object is a synchronization object whose state is set to signaled when the specified due time arrives. There are two types of waitable timers that can be created: manual-reset and synchronization. A timer of either type can also be a periodic timer.

MSDN. (2010). Waitable Timer object. Retrieved on 13 May 2010 from http://msdn.microsoft.com/en-us/library/ms687012(VS.85).aspx

Tuesday, May 11, 2010

Exercise 9

1. Find out about SET and the use of RSA 128-bit encryption of e-commerce.

In the Internet arena, e-commerce has not grown as quickly as the Internet itself. Its growth is largely hindered by security threats, and many security protection mechanisms have been developed.

SET (Secure Electronic Transaction) is an ‘open encryption and security specification designed to protect credit card transactions on the Internet.’ (Stallings, 2002) The initial version, SETv1, emerged from a call for security standards by MasterCard and Visa in February 1996. Later, more companies joined the development of the specification, such as IBM, Microsoft, Netscape, RSA, Terisa, and Verisign.

After years of evolution, SET is now widely used for secured digital transactions. The digital certificates, digital signatures, and digital wallets all function according to the SET protocol. (Free Encyclopedia of Ecommerce, n.d.)


There are several components for the SET protocol.

  • The Cardholder Application, also referred to as a digital wallet, is held by an online consumer and packages a digital signature and credit card information that ensures his or her identity and safeguards his or her financial information through a complex encryption system.
  • The Merchant Server component is the verification product held by the merchant to process the online card payment.
  • The Payment Gateway component is held by an acquiring bank or other trusted third party that accepts and processes the merchant's verification and the customer's payment information and filters them to their appropriate financial institutions.
  • The Certificate Authority component, usually run by a financial institution, is the trusted agent that issues the digital certificates and is responsible for ensuring that all users of digital certificates are in fact secure and trustworthy customers.

While SET is a security mechanism, RSA is a cryptographic algorithm. RSA is named after its three inventors, Rivest, Shamir and Adleman, who were the first to invent this algorithm for public-key cryptography. According to Wiki, it is the ‘first algorithm known to be suitable for signing as well as encryption, and was one of the first great advances in public key cryptography. RSA is widely used in electronic commerce protocols, and is believed to be secure given sufficiently long keys and the use of up-to-date implementations.’ (Wiki, 2010)

In cryptography, the key size or key length makes a difference to the security level. The 128-bit key size follows the AES (Advanced Encryption Standard) standard that was published in 2001. Optionally, AES can also use keys of up to 256 bits (a specification requirement for submissions to the AES contest). 128 bits is currently thought, by many observers, to be sufficient for the foreseeable future for symmetric algorithms of AES's quality. The U.S. Government requires 192 or 256-bit AES keys for highly sensitive data.

References

Free Encyclopedia of Ecommerce. (n.d.) Secure Electronic Transaction. Retrieved on 11 May 2010 from http://ecommerce.hostip.info/pages/925/Secure-Electronic-Transaction-SET.html#ixzz0naiBdjeg

Stallings, W. (2002). Introduction to Secure Electronic Transaction (SET), Prentice Hall. Retrieved on 11 May 2010 from http://www.informit.com/articles/article.aspx?p=26857

Wiki. (2010). Key size. Retrieved on 11 May 2010 from http://en.wikipedia.org/wiki/Key_size


2. What can you find out about network and host-based intrusion detection systems?

Intrusion detection is the process of monitoring the events occurring in a computer system or network and analyzing them for signs of possible incidents, which are violations or imminent threats of violation of computer security policies, acceptable use policies, or standard security practices. An IDS (Intrusion detection system) is a device (or application) that monitors network and/or system activities for malicious activities or policy violations and produces reports to a Management Station.

There are two main types of IDS: network-based and host-based.

In a network-based intrusion-detection system (NIDS), the sensors are located at choke points in the network to be monitored, often in the demilitarized zone (DMZ) or at network borders. The sensor captures all network traffic and analyzes the content of individual packets for malicious traffic.

In a host-based system, the sensor usually consists of a software agent, which monitors all activity of the host on which it is installed, including file system, logs and the kernel. Some application-based IDS are also part of this category.


Wiki. (2010). Intrusion detection system. Retrieved on 11 May 2010 from http://en.wikipedia.org/wiki/Intrusion_detection_system


3. What is 'phishing'?

Phishing is basically online identity theft. It usually appears in the form of an email from a friend or a trustworthy web site, with a link to a web site that asks for personal information such as user name, password and credit card information.



4. What is SET and how does it compare to SSL as a platform for secure electronic transaction? Is SET in common use?

While SET uses a mechanism that prevents merchants from getting the credit card details, SSL (Secure Sockets Layer) is an encrypted client/server protocol that enables safe communication between network devices.

SSL was developed by Netscape as an encryption standard for the data between a Web browser and a Web server. ‘The version 1.0 was never publicly released; version 2.0 was released in February 1995 but "contained a number of security flaws which ultimately led to the design of SSL version 3.0", which was released in 1996’ (Rescorla 2001).

SSL is supported by and built into all major browsers and web servers nowadays; it is easy to use by installing a digital certificate on the machine. The encryption level also depends on the key size, 40-bit or 128-bit; the 128-bit key is deemed to be strongly secure for the foreseeable future.


Because it is supported by the major browsers and easy to use, SSL is widely used in the outlet shops. SET might be more secure because of its double-checking mechanism, but it involves higher cost and complexity and is mainly supported by Visa and MasterCard; therefore it is less popular.
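An added example (not from the original post or the SET specification text): SET's dual signature is what lets a merchant verify an order without ever seeing the card details, and it is built on the RSA signing described in Exercise 9, question 1. The toy textbook-RSA key, SHA-256 (the original SET used SHA-1), the sample order and all function names are assumptions of this example; encrypting the payment information on its way to the gateway is omitted.

```python
import hashlib

# Toy textbook-RSA key for the cardholder (assumption of this example).
# The primes are the public Mersenne primes 2^89-1 and 2^127-1 and there is
# no padding, so this key offers no security; it only makes the maths visible.
P, Q = 2**89 - 1, 2**127 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python 3.8+)


def digest(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def rsa_sign(message_digest: bytes) -> int:
    """Sign a digest with the cardholder's private key."""
    return pow(int.from_bytes(message_digest, "big") % N, D, N)


def rsa_verify(message_digest: bytes, signature: int) -> bool:
    """Check a signature with the cardholder's public key (N, E)."""
    return pow(signature, E, N) == int.from_bytes(message_digest, "big") % N


def cardholder_dual_sign(order_info: bytes, payment_info: bytes):
    """Link order and payment with one signature, then split what each party gets."""
    oimd, pimd = digest(order_info), digest(payment_info)
    dual_sig = rsa_sign(digest(pimd + oimd))
    to_merchant = {"OI": order_info, "PIMD": pimd, "DS": dual_sig}
    to_gateway = {"PI": payment_info, "OIMD": oimd, "DS": dual_sig}
    return to_merchant, to_gateway


def merchant_verify(msg: dict) -> bool:
    # The merchant hashes the order itself and only holds a digest of the payment.
    return rsa_verify(digest(msg["PIMD"] + digest(msg["OI"])), msg["DS"])


def gateway_verify(msg: dict) -> bool:
    # The payment gateway hashes the payment itself and only holds a digest of the order.
    return rsa_verify(digest(digest(msg["PI"]) + msg["OIMD"]), msg["DS"])


def demo() -> dict:
    order = b"order=2 books; total=HKD 350"          # constructed sample
    payment = b"card=4111111111111111; exp=12/12"    # constructed, test card number
    to_merchant, to_gateway = cardholder_dual_sign(order, payment)
    # An order altered after signing no longer matches the dual signature.
    altered = dict(to_merchant, OI=b"order=20 books; total=HKD 3500")
    merchant_bytes = b"".join(v for v in to_merchant.values() if isinstance(v, bytes))
    return {
        "merchant_ok": merchant_verify(to_merchant),
        "gateway_ok": gateway_verify(to_gateway),
        "merchant_sees_card": payment in merchant_bytes,
        "altered_order_ok": merchant_verify(altered),
    }


if __name__ == "__main__":
    print(demo())
```

Under SSL alone the merchant's server receives the card details in the clear after decryption; here the merchant's message contains only a digest of them.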


References

Wiki. (2010). SSL. Retrieved on 12 May 2010 from http://en.wikipedia.org/wiki/SSL


5. What are cookies and how are they used to improve security? Can the use of cookies be a security risk?

Cookies are ‘name-value’ pairs that hold user information in the browser. They can store user name, password, site preferences, etc. This information is basically stored as text strings. The cookie is sent from the web server to the browser as an HTTP header, and is then sent back each time the browser accesses the server.

The security of cookies can be improved by encrypting the data. However, because cookies contain user information, some spyware targets them to track the user, so they can be a security risk.
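An added example, not from the original post: a server that keeps only an opaque session id in the cookie, protects it against tampering and sets the Secure, HttpOnly and SameSite attributes, plus a check that flags the risky pattern described above (credentials stored as cookie text). It uses an HMAC signature from the Python standard library rather than encryption; the key, cookie names and function names are assumptions.

```python
import hashlib
import hmac
from http.cookies import SimpleCookie

# Constructed demo key (assumption); a real server loads a random secret from configuration.
SERVER_KEY = b"constructed-demo-key-not-for-production"
SENSITIVE_NAMES = ("user", "pass", "pwd", "card")


def _tag(value: str, key: bytes) -> str:
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()


def issue_session_cookie(session_id: str, key: bytes = SERVER_KEY) -> str:
    """Return a Set-Cookie header value carrying a signed, opaque session id."""
    cookie = SimpleCookie()
    cookie["sid"] = f"{session_id}.{_tag(session_id, key)}"
    cookie["sid"]["secure"] = True        # only sent over HTTPS
    cookie["sid"]["httponly"] = True      # not readable by page scripts
    cookie["sid"]["samesite"] = "Strict"  # not attached to cross-site requests
    cookie["sid"]["path"] = "/"
    return cookie["sid"].OutputString()


def read_session_cookie(cookie_header: str, key: bytes = SERVER_KEY):
    """Parse a Cookie request header; return the session id, or None if it was altered."""
    jar = SimpleCookie()
    jar.load(cookie_header)
    if "sid" not in jar:
        return None
    session_id, _, tag = jar["sid"].value.rpartition(".")
    expected = _tag(session_id, key)
    if not session_id or not hmac.compare_digest(tag.encode(), expected.encode()):
        return None
    return session_id


def audit_set_cookie(header_value: str) -> list:
    """List the weaknesses of one Set-Cookie header value."""
    jar = SimpleCookie()
    jar.load(header_value)
    findings = []
    for name, morsel in jar.items():
        if any(s in name.lower() for s in SENSITIVE_NAMES):
            findings.append(f"{name}: credential-like data stored in the cookie")
        if not morsel["secure"]:
            findings.append(f"{name}: missing Secure (sent over plain HTTP)")
        if not morsel["httponly"]:
            findings.append(f"{name}: missing HttpOnly (readable by page scripts)")
    return findings


if __name__ == "__main__":
    header = issue_session_cookie("a1b2c3")          # constructed session id
    print(header, audit_set_cookie(header))
    print(audit_set_cookie("password=hunter2; Path=/"))  # constructed weak cookie
```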

References


Wiki. (2010). HTTP Cookies. Retrieved on 12 May 2010 from http://en.wikipedia.org/wiki/HTTP_cookie


6. What makes a firewall a good security investment? Accessing the Internet, find two or three firewall vendors. Do they provide hardware, software or both?

According to a research report, a firewall can bring the benefits below as ROI (Computer Economics, n.d.).

The return on investment is calculated based on the following product benefits:

  • Increases network availability by stopping the spread of malicious code attacks (i.e., Nimda, Trojan horses, DDoS).
  • Protects remote users from attacks.
  • Reduces administrative costs and deploys rapidly with ePolicy Orchestrator management capabilities.
  • Stops internal hackers from stealing proprietary data from desktops.
  • Temporarily or permanently blocks unauthorized, vulnerable, and expensive application connections.

As hacking technology advances every day, firewall technologies have to be kept up to date as well. The three firewall software products below were the top-listed in 2010 by ‘All-Internet-Security.com’ (All-Internet-Security.com, 2010).

#1 ZoneAlarm PRO Firewall 2010

#2 F-Secure Internet Security 2010

#3 Prisma Firewall 2009


References

All-Internet-Security. (2010). Best Firewall Software - Editor's Choice. Retrieved on 12 May 2010 from http://www.all-internet-security.com/top_10_firewall_software.html

Computer Economics. (n.d.). ROI Analysis of McAfee Desktop Firewall Software and Support. Retrieved on 12 May 2010 from www.crswann.com/.../DesktopFirewall-ROI-Analysis(ComputerEconomics).pdf


7. What measures should e-commerce provide to create trust among their potential customers? What measures can be verified by the customer?

According to research from Xerox Research and Technology, e-commerce trust can be measured by a ‘trust metric’ (Manchala, 2000). The measurement is summarized below.

  • Transacting entity: Any entity that engages itself in an electronic commerce transaction is a transacting entity. This entity could be a customer, a vendor, a broker, an intelligent agent, a payment server, or any intermediary.
  • Trust authority: Trust matrices are used to evaluate the trust on a certain transaction or on the next set of transactions. Unless these trust matrices are protected against manipulation and are maintained by certain authorities, transacting entities cannot trust them. These authorities are called trust authorities (TA). Transacting entities use trust protocols to access trust matrices. A TA maintains trust matrices by updating them based on the information received from each completed transaction. TAs should be able to provide proof to trust matrix updates using non repudiation services and to provide each of the transacting entities the level of trust index to be placed on a certain transaction.
  • Agreement Framework (Roscheisen & Winograd, 1996): A relationship binding all the transacting entities involved in a single set of transactions. The relationship usually includes various policies for conducting transactions and is usually placed at a TA. Each set of transactions is interpreted based on the policy, and the results are used to update trust matrices.

References

Manchala, D. (2000). E-Commerce Trust Metrics and Models. Xerox Research and Technology. Retrieved on 12 May 2010 from ftp://ftp.tik.ee.ethz.ch/pub/lehre/inteco/SS02/material/00832944.pdf

Roscheisen, M. & Winograd, T. (1996). A Communication Agreement Framework of Access/Action Control. Proc. IEEE Symp. Security and Privacy, IEEE Computer Society Press, Los Alamitos, Calif., May 1996, pp. 154-163.


8. Get the latest PGP information from http://en.wikipedia.org/wiki/Pretty_Good_Privacy
The use of digital certificates and passports are just two examples of many tools for validating legitimate users and avoiding consequences such as identity theft. What others exist?

According to Wiki, Pretty Good Privacy (PGP) is a computer program that provides cryptographic privacy and authentication. PGP is often used for signing, encrypting and decrypting e-mails to increase the security of e-mail communications. It was created by Philip Zimmermann in 1991.

PGP and similar products follow the OpenPGP standard (RFC 4880) for encrypting and decrypting data. The latest version is called PGP5.

Besides the digital certificates and passports, web of trust and security quality are two other tools.

References


Wiki. (2010). PGP. Retrieved on 12 May 2010 from http://en.wikipedia.org/wiki/Pretty_Good_Privacy