Wednesday, April 29, 2009

Exercise 15: Protecting and Archiving Data

1. A firewall is a part of a computer system or network that is designed to block unauthorized access while permitting outward communication (Wikipedia, 2009). It is worth investing in a firewall since it guarantees that the organisation's internal network is free from unauthorized break-ins.
a. Cisco supplies hardware firewalls, <http://www.cisco.com/>
b. Checkpoint supplies software and hardware firewalls, <http://www.checkpoint.com/>

2. My bank has a backup policy and it is enforced by the Hong Kong Monetary Authority. All the critical data would be backed up and placed off site.

3. Searching google.com for "virus writing kit" returns 6,470,000 matching web sites, which shows how easy it is to look for a tool and create a new virus.

References:
Wikipedia, 2009, 'Firewall'

Exercise 14: Electronic Payments and Security II

1. Cookies are data files with small pieces of text which a web browser stores on the user's computer; they contain the user's settings, shopping cart contents, or other data used by websites (Wikipedia, 2009). They support security enhancement because they store the name and password of the user; therefore, only that particular cookie can get into the secured website, otherwise the username and password have to be keyed in again.
2. Cookies can be a security risk because they contain the user name and password in text format; therefore, when the computer is connected to the internet, there is a chance of exposing this kind of information to a third party.
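
The exposure described in item 2 is avoided when the cookie carries a signed, expiring session token instead of the user's name and password. The following Ruby code is an added example, not part of the original post; the secret, the cookie layout and the function names are assumptions made for illustration.

```ruby
require 'openssl'
require 'securerandom'

# Server-side secret, constructed for this example; load a real one from
# protected configuration, never from source code.
SECRET = 'constructed-demo-secret'

# Cookie value (layout assumed here): base64("user|expiry|nonce") "." HMAC.
# It identifies a session and carries no password.
def issue_session_cookie(user_id, now = Time.now.to_i, ttl = 900)
  payload = "#{user_id}|#{now + ttl}|#{SecureRandom.hex(8)}"
  encoded = [payload].pack('m0')
  "#{encoded}.#{OpenSSL::HMAC.hexdigest('SHA256', SECRET, encoded)}"
end

# Constant-time comparison, so timing does not reveal how many bytes matched.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Returns the user id when the cookie is authentic and unexpired, else nil.
def verify_session_cookie(cookie, now = Time.now.to_i)
  encoded, mac = cookie.to_s.split('.', 2)
  return nil if encoded.nil? || mac.nil?
  expected = OpenSSL::HMAC.hexdigest('SHA256', SECRET, encoded)
  return nil unless secure_equal?(mac, expected)
  user_id, expires, _nonce = encoded.unpack1('m0').split('|', 3)
  expires.to_i > now ? user_id : nil
rescue ArgumentError
  nil
end

# Attributes that limit exposure in transit and to scripts:
# Secure (HTTPS only), HttpOnly (no script access), SameSite.
def set_cookie_header(value)
  "Set-Cookie: session=#{value}; Path=/; Secure; HttpOnly; SameSite=Lax"
end
```

A cookie whose payload is altered fails the HMAC check, and one past its expiry is rejected, so the user is sent back to the login form in both cases.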

References:
1. Wikipedia, 2009, 'HTTP Cookies' <http://en.wikipedia.org/wiki/HTTP_cookie>

Exercise 13: Electronic Payments and Security

1. I used the Hong Kong Bank internet banking very often. I found the security level is pretty high: they have three levels of security input. Firstly, you have to input your name; secondly, your own password; thirdly, the security code generated by the token given by Hong Kong Bank. They used SSL technology for encryption.

2. Secure Electronic Transactions (SET) is an open protocol which has the potential to emerge as a dominant force in the securing of electronic transactions. Jointly developed by Visa and MasterCard, in conjunction with leading computer vendors such as IBM, SET is an open standard for protecting the privacy, and ensuring the authenticity, of electronic transactions (IBM 1998). SET is comparatively secure compared with SSL, since SET needs additional software to be installed and informs another third party, whereas SSL deals directly with customers and merchants only. SET is not common in the market because of the cost and the additional software and configuration that have to be implemented (Wikipedia, 2009).

References:
Wikipedia, 2009, 'Secure Socket Layer' <http://en.wikipedia.org/wiki/Secure_socket_layer>

Saturday, April 25, 2009

Exercise 12: Designing for a Secure Framework

1. Secure Electronic Transactions (SET) is an open protocol which has the potential to emerge as a dominant force in the securing of electronic transactions. Jointly developed by Visa and MasterCard, in conjunction with leading computer vendors such as IBM, SET is an open standard for protecting the privacy, and ensuring the authenticity, of electronic transactions (IBM 1998).
RSA 128-bit encryption is provided as a standard feature to ensure that data stays secure. RSA encryption is the industry standard for use in securing applications, and RSA 128-bit encryption is widely considered unbreakable; therefore, when it is applied to e-commerce, it secures the credit card data by encrypting it while transactions travel over the internet (Information Management Online, 2005).

2. Network-based intrusion detection systems use raw network packets as the data source. A network-based IDS typically utilizes a network adapter running in promiscuous mode to monitor and analyze all traffic in real-time as it travels across the network. Its attack recognition module uses four common techniques to recognize an attack signature:
· Pattern, expression or bytecode matching
· Frequency or threshold crossing
· Correlation of lesser events
· Statistical anomaly detection
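
Three of the four techniques listed above (pattern matching, threshold crossing and correlation of lesser events) run over a handful of constructed packet summaries. This Ruby code is an added example, not taken from the original post or from ISS; the record layout, signatures and thresholds are assumptions.

```ruby
# Constructed packet summaries: [time (s), source IP, destination port, payload]
PACKETS = [
  [0,  '10.0.0.5', 80,  'GET /index.html HTTP/1.0'],
  [1,  '10.0.0.7', 21,  ''],
  [2,  '10.0.0.7', 22,  ''],
  [3,  '10.0.0.7', 23,  ''],
  [4,  '10.0.0.7', 25,  ''],
  [5,  '10.0.0.9', 80,  'GET /../../boot.ini HTTP/1.0'],
  [6,  '10.0.0.7', 80,  'GET /cgi-bin/view?file=/etc/passwd HTTP/1.0'],
  [40, '10.0.0.5', 443, '']
].freeze

# Pattern matching: assumed signatures, each a regular expression on the payload.
SIGNATURES = { 'path-traversal' => %r{\.\./}, 'passwd-read' => %r{/etc/passwd} }.freeze

WINDOW     = 10 # seconds
PORT_LIMIT = 4  # distinct destination ports per source inside WINDOW

def pattern_alerts(packets)
  packets.flat_map do |time, src, _port, payload|
    SIGNATURES.select { |_rule, re| payload.match?(re) }
              .keys.map { |rule| { time: time, src: src, rule: rule } }
  end
end

# Threshold crossing: one source touching PORT_LIMIT or more ports in WINDOW.
def threshold_alerts(packets)
  packets.group_by { |_t, src, _p, _d| src }.filter_map do |src, rows|
    hit = rows.find do |time, *_rest|
      rows.select { |t, *_| t.between?(time, time + WINDOW - 1) }
          .map { |r| r[2] }.uniq.size >= PORT_LIMIT
    end
    { time: hit[0], src: src, rule: 'port-sweep' } if hit
  end
end

# Correlation of lesser events: sources flagged by more than one distinct rule.
def correlated_sources(alerts)
  alerts.group_by { |a| a[:src] }
        .select { |_src, list| list.map { |a| a[:rule] }.uniq.size > 1 }
        .keys
end
```

On the sample data, 10.0.0.7 is the only source raised by correlation, because it trips both the port-sweep threshold and a payload signature.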
Host-based intrusion detection started in the early 1980s before networks were as prevalent, complex and interconnected as they are today. In this simpler environment, it was common practice to review audit logs for suspicious activity. Intrusions were sufficiently rare that after-the-fact analysis proved adequate to prevent future attacks (ISS, 1998).

3. Phishing is the act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the user to visit a Web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has. The Web site, however, is bogus and set up only to steal the user’s information. (Webopedia, 2008)

References
1. Information Management Online, 2005, 'Increases Security by Providing RSA 128-bits Encryption as Standard Platform Security Level'
2. ISS, 1998, 'Network-base vs Host-based Intrusion'
3. Webopedia, 2008, 'Phishing'

Sunday, April 12, 2009

Workshop 4 - Riding the Rails with Ruby

1. I found the 46 Ruby coding examples useful and interesting; they go from easy to hard and show the Ruby coding syntax. It is a very good website for learning Ruby programs.
2. The difference between JavaScript and Ruby (Githud, 2008)

Ruby:

    def create
      @milestone = Milestone.new @params['milestone']
      @milestone.creator = @person
      @milestone.domain = @person.domain
      if @milestone.save
        flash['notice'] = 'Milestone ' + @milestone.name + ' is created.'
        redirect_to_action 'show', :id => @milestone.id
      else
        render_action 'new'
      end
    end

JavaScript:

    this.create = function(req, res) {
      with (res) {
        res.milestone = Milestone.newInstance(req['milestone']);
        milestone.creator_id = person.id;
        milestone.domain_id = person.domain_id;
        if (milestone.save()) {
          flash['notice'] = 'Milestone ' + milestone.name + ' is created.';
          redirectToAction('show', milestone.id);
        } else
          renderAction('newInstance');
      }
    }

- Ruby uses elsif and else, whereas JavaScript uses else if and else
- JavaScript uses brackets () and {} around conditions, whereas Ruby does not use them

Challenge Problem
1. Compare the three dogs' names in alphabetical order
Source
Result

2. FizzBuzz Source

FizzBuzz Result
3. Compare the program code between Ruby and Python - dog years calculator
- Python uses a function to do the work, and this function can be called by the program itself
- The syntax is not the same between Ruby and Python; in fact, they perform the same task, for instance:
a. puts for Ruby and print for Python
b. elsif for Ruby and elif for Python
c. brackets around conditions in Python and not in Ruby
References:
Githud, 2008, 'New and Edit Milestone'

Workshop 3 Online Taxi Booking System

To Do:
1. Set up the MySQL Tools
a. MySQL Query Browser with the inserted records and result

b. MySQL Administrator Tool with table properties added

c. MySQL Administrator created the database: itc and table: passengers

2. Set up the new project called Taxi, created with the startup server Taxiserver

3. The Taxi Server is started, http://localhost:3000

3b. Database.yml

    # MySQL version
    # gem install mysql -ruby (not necessary on OS X Leopard)
    development:
      adapter: mysql
      database: itc
      username: root
      password: 123456
      host: localhost

    # Warning: The database defined as "test" will be erased and
    # re-generated from your development database when you run "rake".
    # Do not set this db to the same as development or production.
    test:
      adapter: mysql
      database: itc
      username: root
      password: 123456
      host: localhost

    production:
      adapter: mysql
      database: itc
      username: root
      password: 123456
      host: localhost
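
The file above connects as root with a short literal password and points test at the same database as development, which its own warning comment says not to do. The following Ruby check flags those settings; it is an added example, not part of the original workshop, and the finding names and the embedded sample are constructed for illustration.

```ruby
require 'yaml'

# Constructed sample mirroring the development and test entries shown above.
SAMPLE = <<~YML
  development:
    adapter: mysql
    database: itc
    username: root
    password: 123456
    host: localhost
  test:
    adapter: mysql
    database: itc
    username: root
    password: 123456
    host: localhost
YML

# Returns [environment, finding] pairs for the text of a database.yml file.
def audit_database_yml(text)
  config = (YAML.safe_load(text) || {}).select { |_env, c| c.is_a?(Hash) }
  findings = []
  config.each do |env, c|
    findings << [env, 'connects as root'] if c['username'].to_s == 'root'
    pw = c['password'].to_s
    # An ERB tag such as <%= ENV[...] %> keeps the secret out of the file.
    next if pw.empty? || pw.start_with?('<%')
    findings << [env, 'literal password in file']
    findings << [env, 'password under 12 characters'] if pw.length < 12
  end
  # rake erases and rebuilds the "test" database, so it must not be shared.
  test_db = config.dig('test', 'database')
  config.each do |env, c|
    next if env == 'test' || test_db.nil?
    findings << ['test', "shares database with #{env}"] if c['database'] == test_db
  end
  findings
end
```

A file that uses a dedicated low-privilege account, a separate test database and a password read from the environment produces no findings.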

4.a. Generate the Passengers model and create the database table
- Firstly, the passengers model must be created by the generator
- Secondly, amend 20090412090902_create_passengers.rb, which is created by the generator under the db migrate folder
- Thirdly, add the table fields, like t.column :name, :string, into the file, as shown in the screenshot

4.b. Run the Rake tasks and select db:migrate; then all the table fields will be created under passengers.

Workshop 2 - Model View Controller design approach

To Do:
1. Joined the focus group of one of my classmates, Dennis, to take part in the discussion.
2. A web application framework is a software framework that is made to support the development of dynamic websites, web applications and web services (Wikipedia, 2009). Ruby on Rails provides beautiful code by convention over configuration and it has taken the programming world by storm with its MVC approach to application development. Also, it provides a micro-framework weighing 4kb; therefore, it keeps things simple with minimal dependencies (Mindtree, 2008).
3.a. The "topic does not exist yet" under the web page
3.b. MVC was first developed by Trygve Reenskaug in the year 1979. Model, View and Controller each have their own responsibility: the Model stores the data and application logic for the interface, the View renders the interface (usually to the screen), and the Controller responds to user input by modifying the model.
4. UC Berkeley RAD lab’s Ruby on Rails Short course is an interesting presentation.
5. The article concerns the approach and the responsibilities of MVC.

Challenge Problem:
1. The controller is used to maintain the index, new, edit, create, and delete actions. It can be created with the generator in RadRails.

2. The view is used to handle the new, index, show and edit .erb views, and the extension can be changed to rhtml in order for Rails to read them.

Wednesday, April 8, 2009

Workshop 1 - Setting up the model railway

Project: Create two tables, passenger_orgin and passenger_destination
a. Table of Passenger_destination

b. Table of Passenger_orgin


To Do:
1. From the “Learning Rails” podcasts, I chose only the topics which aroused my interest :-)
2. Ruby on Rails is installed on my notebook

3. Yes, Instant Rails is used; therefore, it saves time on configuration.

Challenge Problem
1. I did not do much programming over my career path, even when I was in school. Therefore, the programming languages I know are only a few:
a. javascript
b. java
c. html
A web application framework is a software framework that is made to support the development of dynamic websites, web applications and web services (Wikipedia, 2009). Ruby on Rails provides beautiful code by convention over configuration and it has taken the programming world by storm with its MVC approach to application development. Also, it provides a micro-framework weighing 4kb; therefore, it keeps things simple with minimal dependencies (Mindtree, 2008).
2. An interpreted language is a programming language whose implementation takes the form of an interpreter. Any language may be compiled or interpreted; therefore, this designation is purely a matter of implementation and not an underlying property of the language (Wikipedia, 2009). "Ruby is the interpreted scripting language for quick and easy object-oriented programming because it has many features to process text files and to do system management tasks (as in Perl). It is simple, straight-forward, extensible, and portable" (Nixbit, 2006).
3. Rails is the killer application that leverages various characteristics of the Ruby language: meta-programming, closures, etc. (Shin, 2009)
4. Rails has sensible defaults for every aspect of a web application. Following the conventions, you can write a Rails application, using less code than most other web application frameworks. If you need to override the conventions, it's also easy with Rails. Taking advantage of the built-in defaults of the Rails framework has a wide range of advantages over making up your own. One of the biggest is that it makes it easier for other programmers to understand your code. (Wiki, 2009)
An example of convention over configuration:

    def compute_pi(decimals = 10)
      # compute pi
    end
    # compute_pi()  => 3.14...
    # compute_pi(2) => 3.1

The convention is that you compute pi up to 10 decimals. This will be enough for most uses, but you can override it if you want. Such small-scale convention over configuration is also valuable in existing projects. (Jacobs, 2006)
5. MVC was invented at Xerox Parc in the 70's, apparently by Trygve Reenskaug. The first public appearance was in Smalltalk-80. For a long time there was virtually no public information about MVC, even in Smalltalk-80 documentation. The first significant paper published on MVC was "A Cookbook for Using the Model-View-Controller User Interface Paradigm in Smalltalk-80", by Glenn Krasner and Stephen Pope, published in the August/September 1988 issue of the Journal of Object-Oriented Programming (JOOP). MVC is the seminal insight of the whole field of graphical user interfaces. MVC work was the first to describe and implement software constructs in terms of their responsibilities. MVC was the first significant use of protocols to define components instead of using concrete implementations -- each controller class had a certain set of messages it had to respond to, as did each view class, but otherwise there were no constraints on what they did and how they did it. (Stafford, 2004)
6. MVC Approach (Stanchfield, 2009)
- Updating the GUI requires only changing GUI code. The stable business logic is not touched.
- Updating network architectures, perhaps changing from a two-tier to a three-tier database architecture requires modifying only part of the model. The stable GUI is not touched.
- Creating a limited feature demo might merely be a matter of subclassing the model to block access to some features. Again, no change to the GUI.
- Adding a new way to examine data is simply a matter of adding a new view. Often no change to the model is necessary, nor is it necessary to change other views!

References:
1. Wikipedia, 2009, 'Web Application Framework'
2. Mindtree, 2008, 'Most Popular Web Application Framework'
3. Wikipedia, 2009, 'Interpreted Language'
4. Nixbit, 2006, 'Ruby 1.8.5-p2'
5. Shin, 2009, 'Empower You'
6. Wiki, 2009, 'Rails Wiki'
7. Stafford, 2004, 'Model View Controller History'
8. Stanchfield, 2009, 'Why MVC is So Important'

Wednesday, April 1, 2009

Exercise 11: XML Introduction

1. The one essential tool for reading and modifying XML is a “parser”. The terms “parser” and “processor” are used interchangeably, although technically this is not correct. Any program that takes an XML file as its input and produces some output based on the XML file's content is an XML processor. An XML browser is an example of a processor, as are programs that create typesetting codes, synthesized speech or HTML pages based on an XML document. A parser is software that performs the first step in processing an XML document. Seldom, if ever, will an XML parser operate on its own. Rather, a parser is almost always used as part of an XML processor. The most basic task of a parser is checking the XML document for well-formed data, making sure the document's content follows the rules of XML syntax. All parsers perform this task; if the syntax is incorrect, the parser will detect it. Most parsers can also check a document for validity by checking it against a DTD or Schema. While not all documents require validation, many do. (Gokul, 2003)
2. A W3C XML Schema supports the transfer of benefits enrollment data between organizations. This schema is part of the XML Consortium effort to define an XML vocabulary to support business transactions. XML provides many benefits to adopters. The richness, flexibility and accessibility of the XML standard have made for early and enthusiastic adoption by many IT functions. As a result, there are a large number of tools available to help reduce the development effort associated with producing or processing data transmitted in XML. This reduces barriers to adoption of the standard for organizations of any size. (HR-XML, 2001)
3. Synchronized Multimedia Integration Language (SMIL) fulfills the needs of integration, synchronization, and efficient online delivery of different media types such as text, music, speech, image, and video. It combines multimedia elements in a synchronized manner under a unified feature space. An efficient SMIL retrieval scheme based on textual feature and content feature is proposed. SMIL is suitable for real-time multimedia information delivery over networks, especially for limited bandwidth connections. As an example, the Multimedia Messaging Service (MMS) of mobile technology uses SMIL to represent messages. (IEEE, 2004)
References:
1. Gokul, 2003, 'My First XML Document'
2. HR-XML, 2001, 'Benefit Enrollment'
3. IEEE, 2004, 'Content-Based SMIL Retrieval'