Tuesday, 23 June 2009

Evaluation Report for Assignment 2

Dear all course mates,

Having gone through all the exercises and workshops, I know the infrastructure of e-commerce systems much better than before. (Actually, I learned not only the e-commerce infrastructure but also the applications.) Honestly, in my workplace, we have different teams dedicated to networking infrastructure and application development. I seldom get to know the work of the other team. This time really gave me an opportunity to understand something that I had to understand but didn’t understand for years.

The ‘Ruby on Rails’ workshops have enabled me to become familiar with the design of a web application using the MVC technique. I really admit that the MVC technique is a good approach to developing an application. Nowadays, the life of software or an application is getting shorter as technologies and the business environment are progressing very fast. Therefore, we can’t afford to spend plenty of time designing the application. A technique such as the System Development Life Cycle might not be applicable in this era.

Overall, I have benefitted a lot from this course and got very good exposure to the new technologies.

Wednesday, 17 June 2009

System Integration

The final topic is for group reflective study using the wiki tool in CSU Interact and a way for you to add a final reflective comment on systems integration and make your closing remarks to your Developers blog.

1.Choose ONE of the four ways to manage and develop integrated systems as listed below;

I chose "portal and service-oriented architectures (SOA)" to manage and develop integrated systems.

2.Summarise your understanding and describe its relevance (250 words max) in either your study at university or in your work environment;

SOA as an architecture relies on service-orientation as its fundamental design principle. If a service presents a simple interface that abstracts away its underlying complexity, users can access independent services without knowledge of the service's platform implementation. Barry (n.d.) states that ‘a SOA is essentially a collection of services. These services communicate with each other. The communication can involve either simple data passing or it could involve two or more services coordinating some activity. Some means of connecting services to each other is needed.’ Today, SOA and Web services have become very popular, but they are not something new. The first SOA for many people in the past was with the use of DCOM or Object Request Brokers (ORBs) based on the CORBA specification.

I will put aside the principles and technical requirements of SOA and refer only to the above definition when illustrating how SOA is adopted in the system design at my workplace. The essential applications (including email, financial system, intranet, office applications and documents) are unified on the web portal via a single interface illustrated in Fig.1.

Fig.1


It provides a consistent look and feel with access control and procedures for multiple applications, which otherwise would have been different entities altogether. Behind the simple interface, there are complexities and dependencies associated with the applications. Take Citrix as a good example: it is very different from other applications accessible through the portal. It actually takes you to an independent platform and users need to install the local Citrix client prior to accessing it. From this perspective, it achieves the principle of 'loose coupling':

A small set of simple and ubiquitous interfaces to all participating software agents. Only generic semantics are encoded at the interfaces. The interfaces should be universally available for all providers and consumers (He 2003).
Of course, there are still many principles of SOA but I have no intention of detailing them here. I just attempt to put SOA in this context.

References
Barry, D n.d., Service-oriented architecture (SOA) definition, Barry & Associate, viewed 20 June 2009, <http://www.service-architecture.com/web-services/articles/service-oriented_architecture_soa_definition.html>.

He, H 2003, What Is Service-Oriented Architecture, posted 30 Sep, O'Reilly Media, Inc, viewed 21 June 2009, <http://webservices.xml.com/pub/a/ws/2003/09/30/soa.html>

M-commerce and the e-wallet: Innovation and mobile devices

Explore ONE of the problems associated with mobile technology or their suppliers, from 1 to 4 below:

1.What is meant by a location based service?

According to Wikipedia (2009), 'a location based service (LBS) is an information and entertainment service, accessible with mobile devices through the mobile network and utilizing the ability to make use of the geographical position of the mobile device'. For example, an online game or SMS service is one of the LBS applications that operate on handheld devices. However, LBS creates a privacy issue because it needs to track the location of the handheld device in order to provide the services at a particular spot.


2.Visit A location-based service (LBS) is an information and entertainment service, accessible with mobile devices through the mobile network and utilizing the ability to make use of the geographical position of the mobile device Web site and search for information on WAP or SMS access to booking airline services. Do the same for WAP or SMS services in banking. How do both industries compare?
Both airline and banking are service industries. However, what can be done in airline services might not be applicable to banking services. The information delivered by an airline company, such as flight schedules or airfares, is normally less sensitive and personal. Most of this information is public. The worst case is that a person's itinerary is disclosed. This should be far less harmful than disclosing a person's financial information.

3.Visit the W3C website and find the status of the VoiceXML project. When do you think it will affect business on the Web and what will its impact be?

The second draft of VoiceXML 3.0 was just published by W3C on 4 June 2009 (W3C n.d.). The W3C Speech Interface Framework is a suite of markup specifications. When the VoiceXML is standardised and mature, we can actually use our cell phones with the voice browser to do the following:
  • Accessing business information, including the corporate "front desk" asking callers who or what they want, automated telephone ordering services, support desks, order tracking, airline arrival and departure information, cinema and theater booking services, and home banking services.
  • Accessing public information, including community information such as weather, traffic conditions, school closures, directions and events; local, national and international news; national and international stock market information; and business and e-commerce transactions.
  • Accessing personal information, including calendars, address and telephone lists, to-do lists, shopping lists, and calorie counters.
  • Assisting the user to communicate with other people via sending and receiving voice-mail and email messages.

As a result, voice data can be browsed and transmitted freely over the Internet. E-commerce and m-commerce will become much more popular and the volume of transactions will increase, as users (even people with hearing and speaking impairments) can place their orders by phone calls or voice mails and business organisations can manage these requests based on the infrastructure.


4.According to Nokia:

The Nokia One Mobile Connectivity Service provides easy and secure access to email, calendar, directory and more from a mobile phone, PDA, PC or fixed-line phone - take your corporate applications mobile.

Why is a company like Nokia – http://www.nokia.com – described as having end-to-end expertise?



References

Nokia Siemens Networks n.d., End to End Expert, Insight, viewed 19 June 2009, <http://www.nokiasiemensnetworks.com/jp/Insight/end-to-end/>.

W3C n.d., "Voice Browser" Activity, viewed 19 June 2009, <http://www.w3.org/Voice/>.

Wikipedia 2009, location based service, last updated, 10 May, Wikimedia Foundation Inc., US, viewed 19 June 2009, <http://en.wikipedia.org/wiki/Location-based_service>.


Virtual business worlds and cyberagents

Search the Web for a site that uses a cyber character or cyber agent to host a business site. (If you create a successful cyber agent, you may be able to get large companies to use it to sell their products online.)
1.Differentiate the various types of software agents.

Software agents carry out tasks associated with software. For example, Windows Update notifies the user of any new updates to an existing system, downloading updates and even applying an update when it is received (Ince 2005, p.396). Other agents normally only collect information from websites for specific purposes. For example, government agents collect statistics or extract updates from government regulations, and news agents notify you of breaking news and news updates.

2.Describe how techniques such as artificial intelligence and statistical techniques are used in software agents.

Take an auction agent, Bidder's Edge, as an example: it scans auction sites on the Web and continuously updates its catalogue of products. There are two ways that you can access the Bidder’s Edge Web site: first by scanning the various categories that are listed; second by personalising the Web site to your own interests, for example you can inform the site that all you are interested in is bidding for computer equipment and it will then only display items which fall under this category (Ince 2005, p.396). Certainly, it adopted the AI technique to identify your interests and the statistical technique to interpret your shopping habits. That's why it can recommend the desired products or services to you.

3.Identify various activities in e-commerce where software agents are currently in use.

Amazon also employed techniques similar to those mentioned above. It sends you product updates by email according to your shopping habits and interests.

4.Computing ethics and bot programming case study: rocky


a.Get an account username and password from the lecturer to LC_MOO at http://ispg.csu.edu.au:7680 and login to the Welcome Lobby.

b.Hold a 5-minute discussion with Rocky on a special topic. Commands: act rocky (start bot) hush rocky (stop bot)

c.Rocky is an ELIZA-like bot. Report your findings.

I logged in to the Welcome Lobby with the account 'train1' but couldn't get it to function as expected. But I know the bot was running because I attempted a second time and got the warning message, 'I didn't abort last time...'.

Searching mechanism

1.What is a spider? What does it do?
According to Ince (2005), 'spider' is normally used to describe software which harvests information for search engines and other allied sites, the image here being of a program which wanders around the strands of the Internet. It searches for information over the Internet in order to serve the following purposes:
  • alert users when a particular event, such as a web site being changed, occurs
  • perform email address harvesting (the email addresses are sold to the business owners who will use them for sending bulk emails advertising a product or a service)
  • use for search engine indexing
2.What is a meta-search engine? Provide some examples.
Meta tags are HTML tags which provide information about a web page. A meta-search engine just looks at the meta tags in the HTML of the web pages, especially the home page of web sites. The results will be aggregated in a database which is accessed by search queries. It can also search the keywords and gather the hit rate of web sites in order to evaluate their popularity.
The following are the popular meta-search engines.
  • Brainboost is designed to provide specific answers to questions asked in natural language. Currently it only supports English.
  • Dogpile fetches results from Google, Yahoo!, Live Search, Ask.com, About.com, MIVA, LookSmart and several other popular search engines, including those from audio and video content providers.
  • Info.com provides results from leading search engines and pay-per-click directories, including Google, Yahoo!, Bing.com, Ask, LookSmart, About and Open Directory.

3.How can you get your site listed at major search sites; and how could you improve your site ranking?
You can just register your web site via the registration page of the search engine site. For example, you can access the following URL to get your web site registered at Google.

http://www.google.com/addurl/

You can increase the number of hits on your website and therefore the ranking of your site will improve accordingly. This can be achieved by the operation of a bot. Just let a bot repeatedly access your site.


References

Ince, D 2004, Developing distributed and e-commerce applications, 2nd edn, Harlow, Essex, UK: Addison – Wesley, pp. 391-406.

Shopping cart specifications II

Differentiate between software systems such as Customer Relationship Management (CRM) software, Business-to-Business e-commerce programs and Supply-Chain Management (SCM) software.

CRM is a software system which is utilised by an enterprise to enable its marketing departments to identify and target their best customers, manage marketing campaigns and generate quality leads for the sales team (Williams 2009). Most likely, CRM would be accessed by the internal users including management, sales team and marketing department.

SCM software is the oversight of materials, information, and finances as they move in a process from supplier to manufacturer to wholesaler to retailer to consumer. Supply chain management involves coordinating and integrating these flows both within and among companies. The ultimate goal of an effective supply chain management system is to maintain inventory to the "Just-fit" level (TechTarget 2009). Since the whole supply-chain process involves a few parties, SCM software will need to be accessed by those parties as well.

The B2B e-commerce model is highly adopted in SCM systems. This is because it requires every company in the supply chain to move quickly to process an order from a company which follows it in the chain, and the old practices could no longer cope with the demands of the supply chain process. The stakeholders of the supply chain understand that they need to drop the old practices (i.e. elimination of waste bureaucracy and indirect connections between companies). Instead, they need to get the online information and place orders within minutes. The volume of transactions is growing exponentially. The ideal here is for a company higher up in the supply chain to share its data with companies further down the chain (Ince 2004). The internet will be the platform for them to trade with one another and exchange the information. CRM is an internal system for an enterprise. It is very unlikely that the client information will be shared with other companies, and no direct trade will occur with other companies via the CRM system either.
References

Ince, D 2004, Developing distributed and e-commerce applications, 2nd edn, Harlow, Essex, UK: Addison – Wesley, pp. 6-8.

TechTarget 2009, Supply chain Management, last updated 24 Feb, TechTarget, viewed 20 June 2009, <http://searchcio.techtarget.com/sDefinition/0,,sid182_gci214546,00.html#>.

Williams, E 2009, Customer Relationship Management, lasted updated 23 Sep 2008, TechTarget, viewed 20 June 2009, <http://searchcrm.techtarget.com/sDefinition/0,,sid11_gci213567,00.html>.

Monday, 15 June 2009

Shopping cart specifications I

Develop the class diagram for the following shopping cart specifications:



A shoppingCart object is associated with only one creditCard and customer and to items in itemToBuy object. Persistent customer information such as name, billing address, delivery address, e-mail address and credit rating is stored in the customer object. The credit card object is associated with a frequentShopper discount object, if the credit rating for the customer is good. The customer can make or cancel orders as well as add and delete items to the shopping cart product. The credit card object contains the secure method for checking that the charge is authentic.




Modeling with UML

Use Case, Class, Sequence, Collaboration, State chart, Activity, Component and Deployment diagrams are used in UML. Describe each of the eight (8) main diagrams used in UML.

I refer to Wikipedia (2009) for the following descriptions.

Use Case diagram shows the functionality provided by a system in terms of actors, their goals represented as use cases, and any dependencies among those use cases.

Class diagram describes the structure of a system by showing the system's classes, their attributes, and the relationships among the classes.

Sequence diagram shows how objects communicate with each other in terms of a sequence of messages. Also indicates the lifespans of objects relative to those messages.

Collaboration diagram displays an interaction organized around the objects and their links to one another. Numbers are used to show the sequence of messages.

State Chart diagram describes many systems, from computer programs to business processes with standardized notation.

Activity diagram represents the business and operational step-by-step workflows of components in a system. An activity diagram shows the overall flow of control.

Component diagram depicts how a software system is split up into components and shows the dependencies among these components.

Deployment diagram serves to model the hardware used in system implementations, and the execution environments and artifacts deployed on the hardware.

Use Case and Activity Diagrams help you to describe system functional requirements - it is important to note that the user may be a human or another software or hardware process. In either case it is referred to as an actor. Use Cases help with the problem of definition of requirements and analysis.

The following Use Case diagram shows a credit card processing system. The actors are the parties who interact with the system and the use cases are the functionalities of the system.

Actor: Customer, Shipping & Customer Service
Use Case: Update Order Status, Update Inventory, View Outstanding Orders, Get Product Information, Check Order Status, Add Product to Order Form, View Order Form, Place Order, Credit Card Rejected & Calculate Total.


Fig1. (Source: SmartDraw 2007 template)

The following Activity diagram shows the workflow of the Order Processing system. It starts with 'Place Order' and ends with 'Receive Order'.



Fig.2 ( Source: SmartDraw 2007 template)


Use a table (see below) to start your thinking, where business processes are taken from the SME and an object modelling table is used to help show development of your ideas, using very simple object modelling techniques. Here is a simple way to model your objects. Use the level 1 and 3 tables for designing any object in the e-business application:
Level 1 - User and system tasks table


Fig.3

Level 2 – Abstraction

The next step is called finding the level of abstraction, where the business objects build on each other to form classes from the most general and abstract – root class, to the more refined and concrete. What could be more concrete than an automatic teller machine (ATM)? Here the actor is human and the use cases are withdraw cash; make a deposit; or request a balance.

Level 3 - Object description table

Use the level 3 table below to detail your design with the example used in object-oriented design.

Fig.4

Reference

Wikipedia 2009, Unified Modeling Language, Wikipedia, The free encyclopedia, last modified 15 June 2009, Wikimedia Foundation, Inc., US, viewed 17 June 2009, <http://en.wikipedia.org/wiki/Unified_Modeling_Language>.

TP monitors and transaction protocols

1.Give a description in your own words of the ACID properties of a transaction.

ACID stands for Atomicity, Consistency, Isolation & Durability, which are the properties of a transaction. Atomic means that when a transaction is being executed, it is not interrupted by any other process from another transaction. Consistency means that a transaction must leave stored data in a consistent state until the whole (e.g. update) process has been completed. Isolation means that a transaction must not be interrupted by another transaction. Durability means that after a transaction has completed its operations, the results are reflected to the data (Ince 2005, pp.356-357).

2.Describe a TP monitor environment. How can a TP monitor stop an operating system being overwhelmed?

Normally, a TP monitor operates in a multi-thread system (e.g. mainframe computers or distributed client/server systems) because it manages the concurrent execution of the threads and processes that make up a transaction and ensures that the ACID properties are enforced. It schedules threads so that low-priority transactions are allowed a smaller share of resources than high-priority transactions such as online transactions, and enables load-balancing when an operating system is being overwhelmed (Ince 2005, pp. 363-364).

3.What is difference in load balancing with traditional and transactional MOM, RPC and conversations?
First of all, we need to have some understanding of these terminologies.
The process of sharing the processing load in a distributed system equally among the servers in the system is known as load balancing (Ince 2005, p.386).
The process of executing code on a remote computer by invoking it from another computer is often known as RPC (Ince 2005, p.259).
In Enterprise JavaBeans, message-oriented middleware (MOM) is software which manages the transactions that pass from a client to a server and vice versa (Ince 2005, p.364).
In Enterprise JavaBeans, a conversation is a potentially long-running sequence of interactions (document exchanges) between multiple web services. In many situations, the backend logic triggered as part of these conversations may be transactional because of their transactional properties (Frolund, S and Govindarajan, K, n.d.).
Load balancing is a design to evenly distribute the resources among the servers. This is a server-side operation. The rest of them occur on both the client-side and the server-side operations.

4.Why is a two-phase commit protocol better than a one-phase atomic commit protocol?
A one-phase atomic commit protocol can only ensure that all or none of the operations in a distributed transaction commit or abort by continuing to send a commit or abort request. A two-phase commit protocol can handle the operations of nested transactions that a one-phase atomic commit protocol can't handle. For example, a transaction may have many sub-transactions, and each sub-transaction can make a decision to abort or a provisional decision to commit to a transaction. A transaction will only commit if all its sub-transactions are provisionally committed. However, commitment can still occur even if some of its sub-transactions have been aborted. In other words, the sub-transactions can be aborted without causing their parent transaction to abort. This is because the parent transaction may contain code which handles any abortion of its sub-transactions (Ince 2005, pp.358-360).
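
The difference between the two protocols, including the nested case where a parent tolerates an aborted sub-transaction, can be simulated in a few lines. This is an added example, not code from Ince or from the course material; the participant names (`inventory`, `payment`, `loyalty`) and the `tolerated_aborts` parameter are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass
class Participant:
    """One server holding the tentative update of a sub-transaction (hypothetical model)."""
    name: str
    can_commit: bool = True      # False models a failed check, e.g. a declined card
    state: str = "provisional"   # provisional -> prepared -> committed | aborted

    def abort_early(self):
        """The sub-transaction aborts on its own before the parent completes."""
        self.state = "aborted"

    def prepare(self):
        """Phase 1: vote. A 'yes' vote is a promise to be able to commit later."""
        if self.state == "provisional" and self.can_commit:
            self.state = "prepared"
            return True
        self.state = "aborted"
        return False

    def finish(self, decision):
        """Phase 2: apply the coordinator's single, global decision."""
        if decision == "commit" and self.state == "prepared":
            self.state = "committed"
        else:
            self.state = "aborted"

    def forced_commit(self):
        """One-phase: told to commit with no chance to vote or veto."""
        self.state = "committed" if self.can_commit else "aborted"


def one_phase_commit(participants):
    """Coordinator simply tells everyone to commit; nobody is asked first."""
    for p in participants:
        p.forced_commit()
    return {p.name: p.state for p in participants}


def two_phase_commit(participants, tolerated_aborts=()):
    """Vote first, then decide. Sub-transactions that already aborted are left
    out of the vote; the parent proceeds only if it can handle their loss."""
    early = {p.name for p in participants if p.state == "aborted"}
    live = [p for p in participants if p.state != "aborted"]
    if early - set(tolerated_aborts):
        decision = "abort"                      # parent cannot handle this abort
    else:
        votes = [p.prepare() for p in live]     # collect every vote, no short-circuit
        decision = "commit" if all(votes) else "abort"
    for p in live:
        p.finish(decision)
    return decision, {p.name: p.state for p in participants}


def order(declined=False):
    """Constructed sample: an order touching three servers."""
    return [
        Participant("inventory"),
        Participant("payment", can_commit=not declined),
        Participant("loyalty"),
    ]


if __name__ == "__main__":
    # One-phase: payment cannot commit, yet stock and points are already committed.
    print("one-phase :", one_phase_commit(order(declined=True)))
    # Two-phase: the 'no' vote is seen before anyone commits, so everyone aborts.
    print("two-phase :", two_phase_commit(order(declined=True)))
    # Nested: the loyalty sub-transaction aborted, but the parent handles it.
    subs = order()
    subs[2].abort_early()
    print("nested    :", two_phase_commit(subs, tolerated_aborts={"loyalty"}))
```

The one-phase run ends with a mix of committed and aborted participants, which is exactly the atomicity violation that the voting phase prevents.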


References

Ince, D 2004, Developing distributed and e-commerce applications, 2nd edn, Harlow, Essex, UK: Addison – Wesley, pp. 259,355-389.

Frolund, S and Govindarajan, K, n.d., Transactional Conversations, Hewlett-Packard Company, viewed 17 June 2009,<http://www.w3.org/2001/03/WSWS-popa/paper50>.

Sunday, 14 June 2009

Concurrency terms

Find definitions for eight terms and concepts used in threaded programming:


Thread Synchronisation - This is a popular term used in programming languages such as .Net, Java, Python and ... It means the coordination of multiple threads that must access shared data in the Java language (Venners 1997).

Locks - This can ensure that only one thread at a time is given access to a resource (Ince 2005 pp.341-342).

Deadlock - This occurs when there is a contention between two transactions for two items of data and would occur in all distributed systems where there is shared access; however, in those systems where there are a number of clients which hold data for a long time (the typical interactive system) it is a major occurrence (Ince 2005, p.351).

Semaphores - This is a protected variable or abstract data type which constitutes the classic method for restricting access to shared resources such as shared memory in a parallel programming environment. A counting semaphore is a counter for a set of available resources, rather than a locked/unlocked flag of a single resource (Wikipedia 2009).

Mutex (mutual exclusion) - Mutex algorithms are used in concurrent programming to avoid the simultaneous use of a common resource, such as a global variable, by pieces of computer code called critical sections. A critical section is a piece of code where a process or thread accesses a common resource. The critical section by itself is not a mechanism or algorithm for mutual exclusion. In other words, Mutex is not a default algorithm in a program which includes critical sections (Wikipedia 2009).


Thread - A thread is an execution of a chunk of code which can be carried out in parallel with the execution of other chunks of code. On a computer with a number of processors the threads can be executed concurrently, with each instruction of each thread being executed at the same time (Ince 2005, p.336).

Event - This is an action or a request that is usually initiated outside the scope of a program and that is handled by a piece of code inside the program. Typically events are handled synchronously with the program flow, that is, the program has one or more dedicated places where events are handled. In the threaded programming environment, when one event holds up the thread, the other thread can make use of the processor that has been forced to be idle. For example, a request for some data from a computer resident on a wide area network such as the Internet (Ince 2005, p.336).

Waitable timer - According to Microsoft Developer Network (2009), Waitable Timer is a synchronization object whose state is set to signaled when the specified due time arrives. The operations of threads are prioritised by the timer objects.


References

Ince, D 2004, Developing distributed and e-commerce applications, 2nd edn, Harlow, Essex, UK: Addison – Wesley, pp. 336-373.

Microsoft Developer Network 2009, Waitable Timer Objects, Library, viewed 15 June 2009, <http://msdn.microsoft.com/en-us/library/ms687012(VS.85).aspx>.

Venners, B 1997, 'How the Java machine performs Thread Synchronization' , JAVAWORLD, posted 1 July, viewed 14 June 2009, <http://www.javaworld.com/javaworld/jw-07-1997/jw-07-hood.html>.

Wikipedia 2009, Semaphores (Programming), Wikipedia, The free encyclopedia, last modified 5 June 2009, Wikimedia Foundation, Inc., US, viewed 14 June 2009, <http://en.wikipedia.org/wiki/Semaphore_(programming)>.

Wikipedia 2009, Mutual exclusion, Wikipedia, The free encyclopedia, last modified 4 June 2009, Wikimedia Foundation, Inc., US, viewed 14 June 2009, <http://en.wikipedia.org/wiki/Mutual_exclusion>.

Saturday, 13 June 2009

Authentication and Encryption systems

1.Visit an e-commerce website and survey the mode of payment allowed. Would you trust the site with your business?

I have purchased goods from a few different e-commerce websites. Nearly all of them require me to settle the payments by credit card. Just one or two can offer me an alternate payment method (e.g. PayPal). To a great extent, I trust those e-commerce websites. Normally, I only purchase goods from well-known companies such as Amazon, Symantec and other software distributors. Besides, I tend to use a virtual credit card with a very low credit limit to make the payments because it would minimise the possible loss in case of fraud.

2.What measures should e-commerce provide to create trust among their potential customers? What measures can be verified by the customer?

Most e-commerce websites have enabled SSL encryption to secure the communications between the websites and the clients. If the customer can see that the web address begins with 'https' and the 'lock' image is displayed, the website should have enabled SSL encryption.


3.Visit the Verisign web site - what solutions does it offer for e-commerce?

Verisign offers a number of products and services to various types of customers. There are four main categories of its products.

  • Consumer Authentication - protect consumer online identities and accounts with a trusted, convenient authentication experience and behind-the-scenes, real-time fraud detection.
  • Enterprise Authentication - address business challenges and regulations around strong authentication, encryption, and digital signatures with secure and scalable PKI and OTP solutions.
  • Government Authentication - PKI and OTP solutions for Federal, state, and local agencies and government contractors.
  • Authentication for individuals - Digital signing, digital certificates and credentials for individuals and organizations to secure and protect online identities.

Not all of the above are applicable to e-commerce practice. Consumer Authentication would be designed for B2C e-commerce transactions and Enterprise Authentication is more for B2B e-commerce transactions.

4.Visit the TRUSTe web site. Describe what services and solutions are offered.

TRUSTe is an independent, privately held organisation which certifies businesses with its Web Privacy Seal and Email Privacy Seal. The following is the mission statement of TRUSTe.

TRUSTe helps consumers and businesses identify trustworthy online organizations through its Web Privacy Seal, Email Privacy Seal and Trusted Download Programs. TRUSTe resolves thousands of individual privacy disputes every year (TRUSTe n.d.).

In order to acquire a seal from TRUSTe, businesses need to meet the privacy rules set by TRUSTe as well as the legal requirements. However, some people just treat it as a marketing tool rather than a security benchmark (Cline 2003).


References

Cline J 2003, 'Web site privacy seals: Are they worth it?', Computerworld, network & internet, posted 8 May 2003, viewed 13 June 2009, <http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=81041>.

Truste n.d., Advancing Privacy and Trust for a Networked World, mission statement, viewed 13 June 2009, <http://www.truste.org/>.

VeriSign n.d., Products and Services, Verisign Inc., viewed 13 June 2009, <http://www.verisign.com/products-services/index.html>.

Friday, 12 June 2009

Protecting and archiving data

1.What makes a firewall a good security investment? Accessing the Internet, find two or three firewall vendors. Do they provide hardware, software or both?


Ince (2005) notes that a firewall is an extra layer of protection placed around a network or around a particular application. A firewall placed around a network will usually employ a router which can be programmed to deny access to a network, for example it can be programmed to deny access to any packets of data which have been sent to a particular dedicated port. The following diagram illustrates the operation of a simple firewall.

Figure 1 A Simple Firewall (Ince 2005 Fig. 11.2)


My firm employs Check Point and WatchGuard as the firewalls for different sites. I myself installed Norton 360, developed by Symantec Corporation, on my home machines, which also has a firewall facility. These three firewall products can possibly meet the needs of users from different markets. Check Point is a very popular software firewall for enterprises and WatchGuard is a hardware firewall welcomed by SMEs. Norton 360 is home anti-virus software that also includes a personal firewall.


2.Find out if your university or workplace has a backup policy in place. Is it followed and enforced?

My firm certainly has a backup policy which is thoroughly implemented. It has multiple backup devices including magnetic tapes and optical disks. They just barely meet our needs and are still manageable. Apart from that, every day we use up a few backup tapes and optical disks, and as time has gone by we have accumulated a huge volume of them. Therefore, the metadata of the tapes and disks is getting more and more important, as it highly affects the recovery process. We all know that the recovery of data is very time consuming and never an easy task. However, we are usually required to fulfil the requests from users within a tight time frame. As a result, it is crucial to implement an effective backup and recovery solution with a holistic view.


3.Most of the antivirus software perform an active scanning of the user activity on the Internet, detecting downloads and attachments in e-mails. Hackers have readily available resources to create new viruses. How easy is it to find a virus writing kit?

From the given website, it doesn't take long for someone to create a virus. I just recall what happened about 9 to 10 years ago. The 'ILOVEYOU' virus successfully attacked tens and thousands of computers around the world. It created super email storms over the networks in order to mount denial-of-service (DoS) attacks on email services. The virus was actually a simple VB program. After we had analysed the source code of the program, my colleague worked out a solution within 24 hours. The solution was to trick the virus into believing that the machine had already been infected, so that it would not execute itself. How? 'ILOVEYOU' inserted a registry key on each infected machine, and the virus only attacked computers without this key. We inserted this key on all computers on the network as a 'vaccine'. According to Wikipedia (2009), 'ILOVEYOU' infected 10 percent of all computers connected to the Internet.


References

Ince, D 2004, Developing distributed and e-commerce applications, 2nd edn, Harlow, Essex, UK: Addison – Wesley, pp. 321-322

Wikipedia 2009, ILOVEYOU, Wikipedia, The free encyclopedia, last modified 28 May 2009, Wikimedia Foundation, Inc., US, viewed 12 June, <http://en.wikipedia.org/wiki/ILOVEYOU>.

Wednesday, 10 June 2009

Electronic payments and security II



1.What are cookies and how are they used to improve security?

Ince (2004) notes that 'a cookie is a file which is placed on a client running a browser and which usually contains details of a particular transaction, for example the products which someone has bought from an e-tailing site.'

According to Wikipedia (2009), there are a few uses of cookies.

  • Cookies were introduced to provide a way to implement a shopping cart, a virtual device into which a user can store items they want to purchase as they navigate the site.
  • Cookies allow the server to know that the user is already authenticated, and therefore is allowed to access services or perform operations that are not available to a user who is not logged in.
  • Many websites also use cookies for personalization based on users' preferences.
  • Some websites use the cookies to track internet users' web browsing habits for on-line advertising purpose (e.g. Google).

Users typically log in by entering their credentials on a login page; cookies allow the server to know that the user is already authenticated, and therefore is allowed to access services or perform operations that are not available to a user who is not logged in. In this sense, cookies become the authentication token of the user's login.

2.Can the use of cookies be a security risk?

In general, a cookie itself is not dangerous. They may potentially infringe upon the host's privacy, but they are easily removed. A tracking cookie cannot cause any system instability. However, the use of cookies might trigger the following security risks.

  • Inaccurate identification - this problem might arise when multiple users share the same user account on a computer.
  • Cookie hijacking - attackers can use packet sniffing to steal the cookies which are being sent back and forth over unencrypted HTTP connections and then use the intercepted cookies of other users to impersonate them on the relevant websites.
  • Cookie theft - by design the cookie specifications constrain cookies to be sent back only to the servers in the same domain as the server from which they originate. However, the client-side scripts can redirect the values of cookies to a different server. Thus, the attackers can collect the cookies of other users.
  • Cookie poisoning - while cookies are supposed to be stored and sent back to the server unchanged, an attacker may modify the value of cookies before sending them back to the server.
  • Cross-site cooking - this is similar to cookie poisoning, but the attacker exploits non-malicious users with vulnerable browsers, instead of attacking the actual site directly. The goal of such attacks may be to perform session fixation.
  • Inconsistent state on client and server - the use of cookies may generate an inconsistency between the state of the client and the state as stored in the cookie. If the user acquires a cookie and then clicks the "Back" button of the browser, the state on the browser is generally not the same as before that acquisition.
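Several of the risks above have direct server-side countermeasures: the Secure attribute keeps the cookie off unencrypted HTTP (hijacking), HttpOnly hides it from client-side scripts (theft), and a keyed signature exposes any modified value (poisoning). The Ruby code below is an added example, not code from the original post or from Rails; the helper names, the demo key and the cookie layout are assumptions made for illustration.

```ruby
require 'openssl'

# Constructed demo key (assumption): a real application loads a long random
# secret from protected configuration, never from source code.
SECRET = 'constructed-demo-key-not-for-production'

# HMAC-SHA256 tag over the encoded payload; it changes if a single byte changes.
def cookie_tag(encoded, secret)
  OpenSSL::HMAC.hexdigest('SHA256', secret, encoded)
end

# Compare two strings without stopping at the first differing byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Cookie value = base64(payload) + "." + tag. The payload stays readable by the
# client (it is signed, not encrypted) but cannot be altered unnoticed.
def seal_cookie(payload, secret = SECRET)
  encoded = [payload].pack('m0')
  "#{encoded}.#{cookie_tag(encoded, secret)}"
end

# Returns the payload, or nil when the value was modified (cookie poisoning)
# or was signed with a different key.
def open_cookie(value, secret = SECRET)
  encoded, tag = value.to_s.split('.', 2)
  return nil if encoded.nil? || tag.nil?
  return nil unless secure_equal?(cookie_tag(encoded, secret), tag)
  encoded.unpack1('m0')
rescue ArgumentError
  nil
end

# Set-Cookie header for a session cookie:
#   Secure   - only sent over HTTPS, so it cannot be sniffed on plain HTTP
#   HttpOnly - not readable by client-side scripts
#   SameSite - not attached to most cross-site requests
def set_cookie_header(name, payload, secret = SECRET)
  "#{name}=#{seal_cookie(payload, secret)}; Path=/; Secure; HttpOnly; SameSite=Lax"
end

REQUIRED_ATTRIBUTES = %w[secure httponly samesite].freeze

# Audit helper: which protective attributes does a Set-Cookie header lack?
def missing_cookie_attributes(header)
  present = header.split(';').drop(1).map do |part|
    part.strip.split('=', 2).first.to_s.downcase
  end
  REQUIRED_ATTRIBUTES - present
end

if __FILE__ == $PROGRAM_NAME
  header = set_cookie_header('session', 'user_id=42')
  puts header
  puts "weak header lacks: #{missing_cookie_attributes('session=abc; Path=/').join(', ')}"
end
```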

References

Ince, D 2004, Developing distributed and e-commerce applications, 2nd edn, Harlow, Essex, UK: Addison – Wesley, pp. 305-306.

Wikipedia 2009, HTTP cookie, Wikipedia, The free encyclopedia, last modified 3 June 2009, Wikimedia Foundation, Inc., US, viewed 7 June 2009, <http://en.wikipedia.org/wiki/Intrusion_detection_system>.

Sunday, 7 June 2009

Electronic payments and security I

1.List and describe your experiences with a secure Web site.

Very often I use online banking services to settle my bills and manage my financial transactions. The HSBC online banking website has adopted two-factor authentication and is equipped with EV SSL certificates. Not only do I need to log on with my user ID and password, but I also need to enter a one-time password generated by the given hardware token. The password is only effective for 15 seconds.

I have experience of purchasing goods from Amazon. When I make a payment for the selected items, I have to sign in to the secure server for processing the transaction. Hypertext Transfer Protocol Secure (HTTPS) is adopted in the payment module of the Amazon website. There are a few methods to settle the payment. I have chosen the credit card option in my account since day one.

2.What is SET and how does it compare to SSL as a platform for secure electronic transaction? Is SET in common use?

Secure Electronic Transactions (SET) is a protocol which is used for sending credit card information over the Internet. It consists of three major components: Electronic Wallet, SET Server and Payment Server. For details, please refer to my previous blog entry.

Both SET and SSL employ cryptography to secure the information exchanged over the Internet. This is tremendously important for online transactions. SET was launched in 1996 but was not very popular in the market even though 'SET was ultimately the strongest technology for securing online payments, businesses tended toward the less sophisticated models as a means of establishing for themselves an online presence' (Free Encyclopedia of Ecommerce n.d.).

Wikipedia (2009) explains why SET failed to win the market, citing the following factors:

  • Network effect - need to install client software (an e-wallet).
  • Cost and complexity for merchants to offer support and comparatively low cost and simplicity of the existing SSL based alternative.
  • Client-side certificate distribution logistics.

Free Encyclopedia of Ecommerce (n.d.) also claims that SET is a sophisticated model but users favour the less sophisticated model, SSL. Nowadays, SSL has been the most popular protocol for securing e-commerce transactions. Lee, Malkin & Nahum (2007) have evaluated the adoption and evolution of Secure Sockets Layer (SSL)/Transport Layer Security (TLS) through 19,000 servers. Most of the well-known e-commerce sites (e.g. Amazon, Buy.com), auction sites (e.g., eBay), on-line banking (e.g., Citibank, Chase), stock trading (e.g., Schwab), and even government (e.g., irs.gov) have adopted the SSL protocol. Communication with these sites is secured by SSL or its variant, TLS, which are used to provide authentication, privacy, and integrity. A key component of the security of SSL/TLS is the cryptographic strength of the underlying algorithms used by the protocol. It is crucial to ensure that servers using the SSL protocol have employed it properly. The adoption rate of SSL 3.0 is very positive. The on-going developments of SSL/TLS really enable them to win the e-commerce market.

References

Free Encyclopedia of Ecommerce n.d., Secure Electronic Transaction (SET), <http://ecommerce.hostip.info/pages/925/Secure-Electronic-Transaction-SET.html>.

Lee HK, Malkin T & Nahum E 2007, 'Cryptographic strength of ssl/tls servers: current and recent practices', Internet Measurement Conference: Proceedings of the 7th ACM SIGCOMM conference on Internet measurement, San Diego, California, USA, pp.83-92, also available as pdf file, <http://www.imconf.net/imc-2007/papers/imc130.pdf>.

Wikipedia 2009, Secure Electronic Transaction, Wikipedia, The free encyclopedia, last modified 1 April 2009, Wikimedia Foundation, Inc., US, viewed 7 June 2009, <http://en.wikipedia.org/wiki/Secure_electronic_transaction>.

Monday, 1 June 2009

Designing for a secure framework

Find out about SET and the use of RSA 128-bit encryption for e-commerce.

SET is a protocol which is used for sending credit card information over the Internet. It consists of three major components as listed below:


  • Electronic Wallet - stores the customer's credit card details in an encrypted file on the customer's computer. At the same time, the software associated with SET will produce a public and a private key for processing.
  • SET Server - attaches the digital signature to the encrypted credit card details received from customers and then sends them to the payment server located at the bank or credit card company.
  • Payment Server - validates the credit card details received from the SET server located at the vendor and then, sends a receipt to both the vendor and the customer.
The beauty of SET is that it protects the customer's credit card details and the transaction details from being disclosed to the people handling the transactions (Ince 2004, pp. 319-320).

RSA is the most well-known public key cryptography system, which was developed by three professors at MIT: Ronald Rivest, Adi Shamir and Leonard Adleman. RSA 128-bit encryption is an algorithm that uses a system of public and private keys to encrypt and decrypt messages over an insecure line (Ince 2004, p. 314). Normally, 128-bit refers to a symmetric key size, which is equivalent to an RSA 3072-bit asymmetric key size in terms of the level of security (Kaliski 2003). Certainly, the longer the key, the harder it is to break. Kirk (2007) claims that 'the strength of the encryption used now to protect banking and e-commerce transactions on many Web sites may not be effective in as few as five years, a cryptography expert has warned after completing a new distributing-computing achievement'. Kaliski (2003) also points out that RSA 1024-bit will be able to protect the security of data until 2010. By that time, the distributed computation capacity will be sufficient to break the encryption.

Both SET and RSA encryption can secure the data exchanged in the Internet, which is extremely important in e-commerce transactions.
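The division of roles among the three components can be traced in code. The Ruby below is an added example, not part of the original post and not the SET specification: it is a simplified model in which the wallet encrypts the card details to the payment server's RSA public key, the merchant's SET server signs what it forwards without being able to read it, and the payment server verifies and decrypts. Function names, key sizes, the message layout and the card number are constructed assumptions.

```ruby
require 'openssl'

OAEP = OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING

# Constructed key pairs for the demo; real deployments use certified keys.
def new_keypair
  OpenSSL::PKey::RSA.new(2048)
end

# Electronic wallet (customer side): encrypt the card details so that only the
# holder of the payment server's private key can read them.
def wallet_seal(card_details, payment_public_key)
  payment_public_key.public_encrypt(card_details, OAEP)
end

# The byte string that the merchant signs and the payment server re-creates.
def signed_message(sealed_card, order)
  [sealed_card.unpack1('H*'), order].join('|')
end

# SET server (merchant side): attach a digital signature to the still-encrypted
# card details plus the order reference, then forward everything.
def merchant_forward(sealed_card, order, merchant_key)
  signature = merchant_key.sign(OpenSSL::Digest.new('SHA256'),
                                signed_message(sealed_card, order))
  { sealed_card: sealed_card, order: order, signature: signature }
end

# The merchant holds no key that opens the sealed card details.
def merchant_can_read?(sealed_card, merchant_key)
  merchant_key.private_decrypt(sealed_card, OAEP)
  true
rescue OpenSSL::PKey::PKeyError
  false
end

# Payment server (bank side): check the merchant's signature first, then
# decrypt the card details and issue a receipt.
def payment_validate(request, merchant_public_key, payment_key)
  message = signed_message(request[:sealed_card], request[:order])
  unless merchant_public_key.verify(OpenSSL::Digest.new('SHA256'),
                                    request[:signature], message)
    return { accepted: false, reason: 'bad merchant signature' }
  end
  card = payment_key.private_decrypt(request[:sealed_card], OAEP)
  { accepted: true,
    receipt: "paid #{request[:order]} with card ending #{card[-4, 4]}" }
rescue OpenSSL::PKey::PKeyError
  { accepted: false, reason: 'card details unreadable' }
end

if __FILE__ == $PROGRAM_NAME
  payment_key  = new_keypair
  merchant_key = new_keypair
  sealed  = wallet_seal('4111111111111111', payment_key.public_key) # constructed test number
  request = merchant_forward(sealed, 'order-1001', merchant_key)
  puts "merchant can read card: #{merchant_can_read?(sealed, merchant_key)}"
  puts payment_validate(request, merchant_key.public_key, payment_key)
end
```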

What can you find out about network and host-based intrusion detection systems?

A network intrusion detection system (NIDS) is an intrusion detection system that tries to detect malicious activity such as denial of service attacks, port scans or even attempts to crack into computers by monitoring network traffic (Wikipedia 2009).

A host-based intrusion detection system (HIDS) consists of an agent on a host which identifies intrusions by analyzing system calls, application logs, file-system modifications (binaries, password files, capability/acl databases) and other host activities and state (Wikipedia 2009).

What is 'phishing'?

Webopedia (2009) gives the following definition of 'phishing':

The act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the user to visit a Web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has. The Web site, however, is bogus and set up only to steal the user’s information.

As mentioned above, very often phishing scams rely on placing links in e-mail messages, on Web sites, or in instant messages that seem to come from a service that you trust, like your bank, credit card company, or social networking site. We can identify 'phishing' scams or fake websites by carefully examining the suspicious website addresses:
  1. any typos in the address,
  2. whether the address is a masked address, and
  3. whether an extended validation SSL certificate is applied.
This will alert us to the phishing scams or fake sites.
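The first two checks can be automated for links found in a message. The Ruby below is an added example, not from the original post: it compares the address shown in the link text with the real destination (a masked address) and measures how close the destination is to a known-good host (a typo). The trusted host list, the finding names and the sample links are constructed assumptions; the certificate check needs a live connection and is not covered.

```ruby
require 'uri'

# Constructed list of hosts the user really deals with (reserved example names).
TRUSTED_HOSTS = %w[bank.example cards.example].freeze

# Levenshtein distance: the number of single-character edits between two strings.
def edit_distance(a, b)
  prev = (0..b.length).to_a
  a.each_char.with_index(1) do |ca, i|
    cur = [i]
    b.each_char.with_index(1) do |cb, j|
      cost = ca == cb ? 0 : 1
      cur << [prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost].min
    end
    prev = cur
  end
  prev.last
end

# Parse text as a web address; nil when it is not one (e.g. "Click here").
def parse_address(text)
  s = text.to_s.strip
  s = "http://#{s}" unless s =~ %r{\A[a-z][a-z0-9+.-]*://}i
  uri = URI.parse(s)
  uri.host && uri.host.include?('.') ? uri : nil
rescue URI::InvalidURIError
  nil
end

def bare_host(uri)
  uri.host.downcase.sub(/\Awww\./, '')
end

# Returns a list of warning symbols for one link (visible text + real target).
def link_findings(link_text, href, trusted = TRUSTED_HOSTS)
  target_uri = parse_address(href)
  return [:unparseable_address] if target_uri.nil?

  target   = bare_host(target_uri)
  shown    = parse_address(link_text)
  findings = []
  # Masked address: the text displays one host, the link leads to another.
  findings << :masked_address if shown && bare_host(shown) != target
  # "trusted-name@other-host" puts a familiar name in front of the real host.
  findings << :userinfo_in_address if target_uri.userinfo
  findings << :numeric_host if target =~ /\A\d{1,3}(\.\d{1,3}){3}\z/
  # Typo check: one or two edits away from a trusted host, but not that host.
  known = trusted.include?(target) || trusted.any? { |t| target.end_with?(".#{t}") }
  unless known
    near = trusted.find { |t| edit_distance(target, t).between?(1, 2) }
    findings << :lookalike_of_trusted_host if near
  end
  findings
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample links: [visible text, real destination]
  [['www.bank.example', 'https://www.bank.example/login'],
   ['www.bank.example', 'http://bank.example@203.0.113.7/login'],
   ['Click here', 'https://www.bamk.example/']].each do |text, href|
    puts "#{href} -> #{link_findings(text, href).inspect}"
  end
end
```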

References

Ince, D 2004, Developing distributed and e-commerce applications, 2nd edn, Harlow, Essex, UK: Addison – Wesley, pp 295-320.

Kaliski, B 2003, TWIRL and RSA Key Size, RSA Laboratories, 6 May, RSA Security, viewed 6 June 2009, <http://www.rsa.com/rsalabs/node.asp?id=2004>.

Kirk, J 2007, Researcher: RSA 1024-bit Encryption not Enough, PCWorld, 24 May, viewed 6 June 2009, <http://www.pcworld.com/article/132184/researcher_rsa_1024bit_encryption_not_enough.html>.


Wikipedia 2009, Intrusion Detection System, Wikipedia, The free encyclopedia, last modified 3 June 2009, Wikimedia Foundation, Inc., US, viewed 7 June 2009,
<http://en.wikipedia.org/wiki/Intrusion_detection_system>.

Webopedia 2009, phishing, last updated 1 May 2009, <http://www.webopedia.com/TERM/p/phishing.html>.



Friday, 29 May 2009

WK7:End of the line

What are the hosting solutions?

There are many web hosting solutions in the market. Hosting services allow individuals and organizations to make their own websites accessible via the World Wide Web. In the context of the Rails application, OTBS, we can start with a simple hosting solution at the development stage. Later, when we move to the production stage, a more complex hosting solution, a more comprehensive package that provides database support and application development platforms, is required. According to Wikipedia (2009), the following hosting solutions can be considered for OTBS.

Shared web hosting (development stage) - one's Web site is placed on the same server as many other sites, ranging from a few to hundreds or thousands. Typically, all domains may share a common pool of server resources, such as RAM and the CPU. This solution will be more cost-effective as we can run a few projects on one server.


Virtual Dedicated Server (production stage) - It divides server resources into virtual servers, where resources can be allocated in a way that does not directly reflect the underlying hardware. This solution will be more cost-effective as we can run a few projects on one server.
Dedicated hosting service - The user gets his or her own Web server and gains full control over it. The user has full administrative access to the box, which means the client is responsible for the security and maintenance of his own dedicated box.
Managed hosting service - the user gets his or her own Web server but is not allowed full control over it. The user is disallowed full control so that the provider can guarantee quality of service by not allowing the user to modify the server or potentially create configuration problems. (Engine Yard provides this service, managed Rails hosting.)

Will our Rails applications run on a cloud computing service in future?

Cloud computing is a new type of hosting platform that offers customers powerful, scalable and reliable hosting based on clustered load-balanced servers and utility billing. It removes single points of failure and allows customers to pay only for what they use rather than what they could use (Wikipedia 2009). Without doubt, OTBS will be moved to a cloud computing service one day as this is the trend for web applications. The Internet will be the platform on which the web application runs.

Can we make a deployment and maintenance plan by team consensus?

Following Hartl & Prochazka (2007), I have worked out the following deployment and maintenance plan for OTBS.

Software/Hardware option - Use Mongrel as the OTBS application server and deploy to some flavour of Linux. It is recommended to run Apache in front of a single Mongrel if taking the dedicated hosting solution.

Run OTBS in production mode - Deployed OTBS needs to be run in the production environment. The purpose of this section is to practice the steps needed to deploy OTBS.

Configure Production Server - Install the same software on the production server that we have running on the development machine and configure them accordingly.

Scaling - Use caching to offload the production server. Rails has a powerful caching system to help avoid the computational and database access expense of generating dynamic HTML.

Version Control - Capistrano is a very good version control system which can automate deployment and roll back of application source code. It optimises single-server or multiserver deployments.

Debugging - Use production.log to debug OTBS, the entire application.


References



Hartl, M. & Prochazka, A. 2007, Railspace, Building a social networking site with Ruby on Rails. Addison Wesley Professional, pp.505-516.



Wikipedia 2009, web hosting service, last updated 17 June, Wikimedia Foundation Inc., US, viewed 22 June 2009, <http://en.wikipedia.org/wiki/Web_hosting_service>.

Thursday, 28 May 2009

WK6:Enjoying the Ride

Are we certain that Ruby on Rails is the right platform for Web development?

Ruby on Rails (ROR) is a good choice for the development of OTBS in terms of the cost, flexibility and scalability. ROR is an open source web application framework for the Ruby programming language. In the market, ROR is getting more popular and is welcomed by developers. We can find many plugins and programs on the Internet. Apart from that, the Agile development methodology can enable us to build the scaffolding of OTBS and put it on production within a short time. Later, we can enhance it or add a new module subject to the business needs.

.Net and Java are the most common programming frameworks in the market. Both can be considered to develop OTBS.

Microsoft .NET’s Common Language Runtime (CLR) and Java’s Java Virtual Machine (JVM) are the most popular web application development frameworks. Without installing either one on your computer, many web applications will be able to run on your computer.

The .NET framework's Common Language Runtime (CLR) is very similar to the Java Virtual Machine (JVM) in terms of garbage collection, security and just-in-time (JIT) compilation.

The Java platform views the Internet world as one language running on different operating systems (OS), whereas the .NET framework views the world as running on one OS with programmers having a choice of multiple languages. Therefore the Java platform interpolates multiple operating systems, and the .NET framework interpolates multiple languages. Therefore, SUN Java does not focus on GUI development, as we know that server-side programming does not really need a GUI. On the contrary, Microsoft dominates the client-side desktop market.

So far Microsoft has issued three development tools, C#, VB.NET and C++, plus five execution containers hosting this runtime, namely: ASP.NET, Windows Shell, the VBA scripting host for the Office suite, the Visual Forms container and IE (Internet Explorer). Much like Java, it contains a rich set of APIs and libraries.

Besides, Microsoft has done an excellent job of standardising the .NET framework CLI/CLR through the European Computer Manufacturers Association (ECMA) and standardising the Simple Object Access Protocol (SOAP) through W3C. These will help it to take hold of the web application development market.


Reference
Banerjee A 2001, .NET framework comparison with Java Architecture, Mindcracker Network, viewed 26 April 2009, <http://www.c-sharpcorner.com/UploadFile/abanerjee/DotNetforJava11292005023419AM/DotNetforJava.aspx>.

Wednesday, 27 May 2009

WK5:Admiring the scenery

Part A: Survey of mobile device capability and Web 2.0 tools

What is Web 2.0?

First of all, we need to have an idea of what Web 2.0 is about. It has been a very hot topic in the Internet world. At this stage, Web 2.0 is still very cloudy and many people (including researchers, developers and users) have different interpretations of it. I have actually read through a few contemporary research articles and can only give a very general summary based on the majority views.

Without doubt, Web 2.0 encourages interaction and collaborative work through the Internet, no matter whether you are a developer or a user. Nowadays, many popular websites such as FaceBook, Google Maps and My Space are operating according to this concept (O'Reilly 2005). Social networking is one of the outcomes of Web 2.0. From the perspective of developers, the web becomes the development platform through which applications and services are delivered (Pilgrim 2008).


Wigand, Benjamin & Birkland (2008) claim that '...Web 2.0 is a paradigm shift how users use the web, a development that questions everything that has been developed and applied so far'. Pilgrim (2008) also agrees with the shift in the paradigm of users' behaviour. In addition, he criticises that the rush to embrace Web 2.0 has resulted in many developers overlooking principles of good design and usability established over the last decade. This is an imperative issue for designing OTBS with the concept of Web 2.0, but the design shouldn't go beyond the pre-defined scope.

1.Find out and recommend what type of mobile devices are suitable for:

a.Just the SMS message service;

I have reviewed a few taxi-booking systems in major cities such as Perth, Ho Chi Minh City, Singapore, etc. It is practical, and economically and technically feasible, to use the SMS message service for the OTBS. In the market, many taxi booking systems are available, and they employ SMS as one of the communication means between the passengers and the service centre.


b.The full user experience via SMS, GPS Taxi tracking and Google Maps

In Ho Chi Minh City, the taxi booking system DiaDiem integrates the global positioning system (GPS) and touch screen devices inside a vehicle with the ability to communicate with a mobile phone or website. It focuses on three different perspectives: the customer, the call center and the taxi. The customer will first use a website, a mobile application or an SMS message to place a taxi pickup order. The website will be launched by DiaDiem later. The order placing process is conducted with the support of DiaDiem software via a transmission medium (SMS, GPRS or Wi-Fi) (TN 2009).


2.Describe any new hardware, networking, software, systems, procedures and personnel that would be needed by the taxi company Website to support this stage 2 development.


Hardware: touch screen devices with GPS in each taxi, Cell phone or wireless devices with GPRS or 3G that can browse Google map

Software: OTBS backend server and WebSMS software used by the service centre; and Google map used by both passengers and drivers

Networking and system: SMS system including WebSMS, GPS system for GPS tracking

Implementation/Training: cost incurred on the implementation and training


Part B: The enhanced customer experience through Web 2.0 technology

1.Use a table to describe how the customer experience is improved by:
a.Horizontal scalability (eg ordering a taxi by mobile phone call or SMS, mobile Internet, desktop or laptop computer)
b.Service oriented features (eg SMS updates using location data, knowing the driver’s name before the ride and being greeted by your name etc)
c.Other customer services enabled by Web 2.0 (eg reputation system)

Part C: Online Taxi Business Process Modelling

Apart from the business basics of offering a clean car, safe driving, being on time, consider the business processes involved and construct a Simple Online Taxi business process model using any suitable drawing tool.



References


O'Reilly, T 2005, What Is Web 2.0:Design Patterns and Business Models for the Next Generation of Software, O'Reilly Media, Inc, viewed 27 May 2009,
<http://www.oreillynet.com/pub/a/oreilly/tim/news/2005/09/30/what-is-web-20.html>.



Pilgrim, JC 2008, 'Improving the usability of web 2.0 applications', Conference on Hypertext and Hypermedia:Proceedings of the nineteenth ACM conference on Hypertext and hypermedia, Pittsburgh, PA, USA, pp. 239-240, <http://delivery.acm.org/10.1145/1380000/1379144/p239-pilgrim.pdf?key1=1379144&key2=9831173421&coll=GUIDE&dl=GUIDE&CFID=38231369&CFTOKEN=10579826>.



TN 2009, First GPS Integrated Taxi booking system to debut, Vietnam Business Finance, posted 27 April, viewed 6 June 2009, <http://www.vnbusinessnews.com/2009/04/first-gps-integrated-taxi-booking.html>.



Wigand, TR, Benjamin, IR & Birkland, LHJ 2008, 'Web 2.0 and beyond: implications for electronic commerce', ACM International Conference Proceeding Series: Proceedings of the 10th international conference on Electronic commerce, Innsbruck, Austria, vol 342, article 7, also available in pdf format, <http://delivery.acm.org/10.1145/1410000/1409550/a7-wigand.pdf?key1=1409550&key2=9823863421&coll=GUIDE&dl=GUIDE&CFID=38172456&CFTOKEN=67009489>.
Zajicek, M 2007, 'Web 2.0: Hype or Happiness?', ACM International Conference Proceeding Series:Proceedings of the 2007 international cross-disciplinary conference on Web accessibility (W4A), Banff, Canada, vol 225 pp. 35-39, <http://www.w4a.info/2007/prog/k2-zajicek.pdf>.

Sunday, 17 May 2009

Evaluation Report for Assignment 1

Dear all peers,
The following is my elevator pitch for this blog.
I have shared my research on E-system through this blog. I really wrote down my experience of doing the exercise and workshops of course, including my joys and frustrations.

I have been an IT specialist for over 15 years and truly I have gained my expertise through my job. I am good at database management, business process analysis and project implementation. This time is really a good chance for me to extend my knowledge to e-commerce systems. It refreshed me a lot, even though I had many troubles getting PHP, MySQL, Apache and Instant Rails to work on my computers. This is a good experience to expose myself to the Open Source World and the Online community.

I think I have spent quite some time on the research of Online Community or social networking. This is my favourite topic. You can enjoy it.

All the while, I have been very behind in the class. This is the main reason I don’t interact very much with my course mates. I do get help from Sam Kwong and Dennis Leung and refer to their blogs a lot. Like Workshop 3, I found it difficult to complete it until I read through Sam’s blog.

Honestly, the coverage of ITC 594 is very broad and it is not easy to complete the programming exercise. Anyway, I have benefitted from the practical work. Now I know the free tools such as MySQL Query Browser, Aptana Studio ... which are not worse than MS SQL Query Analyzer, Visual Studio...

If I had more time, I believe I would do much better.

Thank you for reading my blog.

Saturday, 16 May 2009

WK4: Riding the Rails with Ruby

1.)If you are running Instant Rails, you can start Ruby Console Windows as illustrated below:

I execute "dogyears.rb" at Ruby Console Windows as follows:

2.)The difference between Ruby and Javascript in terms of the syntax. Take "If... statement" as an example, there is no "end" for it in Javascript. I extract the script from the dogyears program and rewrite in Javascript. Please see below.

Ruby

# age holds the number entered by the user
if age < 0
  puts "Negative age?!? I don't think so."
elsif age > 110
  puts "Frankly, I don't believe you."
else
  puts "That's #{age*7} in dog years."
end


JavaScript

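// age holds the number entered by the user
if (age < 0)
{
document.write("Negative age?!? I don't think so.");
}
else if (age > 110)
{
document.write("Frankly, I don't believe you.");
}
else
{
// JavaScript has no #{...} interpolation in ordinary strings, so concatenate
document.write("That's " + (age * 7) + " in dog years.");
}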

3.) JavaScript and Ruby both are metaprogramming tools and object oriented programming languages. They have the following similarities:

  • Both are web application development tools.
  • Both are scripting languages (lightweight programming languages).
  • Both are usually embedded directly into HTML/XML pages.
  • Both are interpreted languages (meaning that scripts execute without preliminary compilation).

4.) I have written the programs "catnames.rd" and "fizzbuzz.rd" illustrated as follows:

The results of the above programs are listed below:


Reference

W3Schools n.d., JavaScript Introduction, viewed on 17 May 2009, <http://www.w3schools.com/JS/default.asp>.

Monday, 11 May 2009

WK3: MySQL and Database design

1.)I install the tool, MySQL Query Browser version 1.2.17, which is not a bad tool. However, later I realise that PhpMyAdmin bundled with Instant Rails (IR) is even better.


I use MySQL Query Browser to execute the script to create a few databases (OTBS, dev_OTBS and test_OTBS) and create a table, "passengers", in each database.


I generated the following script from MySQL Query Browser

-- MySQL quotes identifiers with backticks; single quotes would make them string literals
CREATE TABLE `otbs`.`passengers` (
  `index` int(11) NOT NULL auto_increment,
  `name` varchar(20) default NULL,
  `job_id` varchar(5) default NULL,
  `contact_number` int(8) default NULL,
  `suburb_origin` varchar(15) default NULL,
  `street` varchar(20) default NULL,
  `street_number` int(4) default NULL,
  `building` varchar(8) default NULL,
  `suburb_destination` varchar(20) default NULL,
  `passenger_number` int(1) default NULL,
  `taxi_type` varchar(8) default NULL,
  `Call_date` date default NULL,
  `time_required` varchar(4) default NULL,
  PRIMARY KEY (`index`))
ENGINE=MyISAM AUTO_INCREMENT=2 DEFAULT CHARSET=latin1;




2.)Start "Manage Rails Applications..." from IR

3.)Create the Rails application by entering "rails -d mysql OTBS" at ..railapps>


4.)Hit "Refresh List", check OTBS and run "Start with mongrel"


5.)Test the connection by entering "http://127.0.0.1:3000/"

I need to copy "libmySQL.dll" from \mysql\bin\ to \ruby\bin\ to resolve the following error

I need to config "database.yml" to resolve the following error:

Mysql::Error in Rails/infoController#properties unknown database

Adding the following entries to "database.yml"
development:
  adapter: mysql
  encoding: utf8
  database: dev_OTBS
  host: localhost
  username: root
  password:

test:
  adapter: mysql
  encoding: utf8
  database: test_OTBS
  host: localhost
  username: root
  password:

production:
  adapter: mysql
  encoding: utf8
  database: OTBS
  host: localhost
  username: root
  password:


6.)Create Model for Passenger by typing "ruby script/generate model passenger" at ..railapps\OTBS>

7.)Create Controller for Passenger by typing "ruby script/generate controller passenger" at ..railapps\OTBS>

8.)Install "Scaffold" plugin to create a set controller methods for CRUD operations of OTBS by typing "ruby script/plugin install scaffolding" at ..railapps\OTBS>

9.)Install paginate plugin to work with Scaffolding by typing "ruby script/plugin install svn://errtheblog.com/svn/plugins/classic_pagination"

However, it is not very easy to get it installed on your machine, based on my experience. First of all, you need to unblock the svn connection in the firewall of your machine. Secondly, the connection is not very stable and times out very often. Therefore, I switched to another plugin, "Will_paginate". You can download it from the following website. Unfortunately, it doesn't work with my version of Ruby (1.8.6). Please don't attempt!


http://github.com/mislav/will_paginate/tree/master


10.)Modify the controller of "passenger" (i.e. passenger_controller.rb) by adding "scaffold :passenger" (Aptana is a good programming tool!)

11.)Test the connection by entering "http://127.0.0.1:3000/passenger". Great! I can get it to work eventually. It takes me a week to work it out.

I use Mongrel instead of WEBrick even though most Ruby tutorials use WEBrick.

I quoted the definition from (Trac n.d.)

What is Mongrel?

Mongrel is a fast HTTP library and server for Ruby that is intended for hosting Ruby web applications of any kind using plain HTTP rather than FastCGI or SCGI. It is framework agnostic and already supports Ruby On Rails, Og+Nitro, Camping, and IOWA frameworks. Mongrel was originally written by Zed A. Shaw.

Trac n.d., What is Mongrel, <http://mongrel.rubyforge.org/>.