Thursday, May 28, 2009

Closing Remark

After studying this course, I have been updated on some new industry developments and theories. I have done more research and am now convinced that our business (as an SME) should use an open source CMS such as Joomla, Drupal or WordPress. I have used Drupal in the past, but Joomla 1.5 and its Joomla framework tools seem to be able to take our project further.

I have recently been using Joomla 1.0 (a version of Mambo) as our CMS for various websites including a new corporate website (http://www.ClubFervor.com). Currently I am also evaluating Joomla 1.5, which has substantial support from various frameworks.

I have also recently reviewed some presentations from the developer community. Here are two of them: http://hdl.handle.net/1807/10363 and http://www.scribd.com/doc/15093512/Joomla-Framework-Tour

It appears that by using framework development tools, I may be able to make use of the Joomla CMS and wrap around it custom applications developed via rapid prototyping tools.

Interesting indeed!!

Monday, May 25, 2009

Elevator Pitch# 2

Hi. My name is Daniel Chun. This course has been useful in introducing many contemporary internet technologies, web development tools and their underlying benefits. I graduated in computer science 20 years ago, and have mostly been developing business models on the internet business (B2B and B2C) side as opposed to being involved in coding. Having said that, the ability to get back to the lower level, working with syntax and code, still gives me that extra edge when managing complex business relationships, processes, analysis and outcomes.

Although the RoR workshops and tutorials have been more than what I can cope with, I am sure that the intent of getting the student to understand the elegance of the contemporary approach to rapid prototyping and the development process was the message to today's manager. As a General Manager of an SME in HK, my learnings here in this course will be mostly focused on developing a means (through e-infrastructure, portal and module development) to engage users (end customers) of our hardline products to become our own "loyal customers" and "believers". I will be spending more of my time understanding what will be the best way for our business to use an existing open source CMS such as Joomla, and other people's loyalty management systems, to integrate into a complete CRM system. Some modules and components will be developed using these frameworks to be installed under Joomla.

Thank you.

Tuesday, May 19, 2009

Exercise 26.

1. I have chosen the scope of study to focus on the business integration of Customer Relationship Management in a manufacturing environment.

2. Summarise your understanding and describe its relevance (250 words max) in either your study at university or in your work environment;

As a manufacturer involved in both OBM (i.e. Original Brand Manufacturing) and OEM (Original Equipment Manufacturing), our end customers are indirectly serviced through retailers and distributors. As such, it is often very difficult to understand the customers' feedback and purchasing behaviour. Getting access to this information is often a tedious and inefficient process of collecting paper-based feedback and complaints. With the advent of telecommunications, manufacturers can use various touch points such as web, mobile and interactive kiosks to engage a consumer to tell more about their experience. Procter & Gamble has designed MyPampers.ca - a loyalty solution that gives their customers some form of rewards. This engagement of end customers now allows the manufacturer or brand owner to learn more about the customer's purchase and consumption behaviour. The need to integrate a CRM component is to ensure that the business processes are tracked when there are multiple touch points through which consumers can interact with the company or system as a whole; the records or business intelligence are therefore essential to deliver services to end customers. A collective database supported by analytics engines gives a business the intelligence to forecast demand and seasonal purchase patterns, and to a certain extent to involve users in the feedback loop of new product development (NPD).

Exercise 25. M-Commerce

1. Location based service - means the ability to correctly identify the location of a mobile customer and then offer a series of value added services that are of great interest to the mobile user. The exact mechanism of offering this service is based on the premise that the cell site base stations can actually track users by their bearings, calculated mathematically from three or more base stations transceiving signals with a mobile phone that is switched on. In theory, there is always overlapping signal coverage to a mobile, but only one base station provides the actual signal path at a time, chosen via a contention algorithm. So there are also other signals reaching a mobile phone even though it is not engaged in active mode per se.

By using the other passive base stations, their signal strength and additional information about the direction of the signals, a mobile operator can identify approximately where a mobile user is. Based on this assumption, a mobile operator or a value added service provider can therefore offer information, service coupons or offers that are based on these geographic locales.

Restaurant and shopping guides, coupon offers, and similar call-to-action type services are the most common services.


2. WAP or SMS services for an airline website and a bank will be significantly different. The banking industry will have more details and audit trails since banks are subject to laws and regulation covering certain money laundering activities, and this touch point or channel for completing a transaction would be perceived as the same as going to the bank. Although whether the services that can be viewed (i.e. the informational base) are real time or not is irrelevant, the substantial consequence is that using WAP and SMS as a channel in a banking environment would definitely be governed the same way as a bank teller window.

3. The W3C website has a specific micro sub-site on VoiceXML: http://www.w3.org/Voice/
Voice-based hypertext markup was the original thought behind VoiceXML, the W3C's standard XML format for specifying interactive voice dialogues between a human and a computer. It allows voice applications to be developed and deployed in an analogous way to HTML for visual applications.

According to W3C, VoiceXML 3.0, published in Dec 2008, is now being implemented. Many applications have been deployed, processing millions of telephone calls per day. These applications include: order inquiry, package tracking, driving directions, emergency notification, wake-up, flight tracking, voice access to email, customer relationship management, prescription refilling, audio newsmagazines, voice dialing, real-estate information and national directory assistance applications.

Most of the applications to date appear to be inbound or outbound calling related applications typical of a customer call center, tele-marketing or operator-assisted environment, and perhaps used for "software agents".

4. Nokia is predominantly a hardware manufacturer, covering mobile switch CO, base station related BCS and BTS, software, handphones, drivers for handphones and open application interfaces. They have also invested resources in the development of applications for mobile devices. This is what is being described as end-to-end expertise.

Companies that are involved in the mobile telephony market today may not necessarily have the expertise and intimate knowledge of the necessary technology at the back end - the parts that actually provide the call, the call transfer, the location based advisory service, etc. - although common protocols are often followed using industry standards such as GSM MoU, 3GPP, ITU, IEEE, etc.

As a leading mobile technology provider, Nokia offers infrastructural domain expertise that covers more than just the "handphones" we see today. Most of us have never seen a BTS, BCS or mobile switch in our entire lives.

Exercise 24. Virtual business worlds and software agents

1. There are the following different kinds of software agents.

Intelligent Software agents
Autonomous agents
Distributed agents
Multi-agents
Mobile agents
Fuzzy agents

2. An extensive amount of software intelligence - in the form of artificial intelligence. According to Wikipedia, intelligent agents (also known as rational agents) are not just software programs; they may also be machines, human beings, communities of human beings (such as firms) or anything that is capable of goal-directed behavior.

3. e-Commerce vs Software agents

Agents can use the latest and prevalent technologies to handle transactions carried over on the internet space (

4. a, b LC_MOO at http:///
,
C. I cannot get it working, Only using Browse and a screen that explains ROCKY ..


Tried using it with an account "train1" and "train1" as pwd





Monday, May 18, 2009

Exercise 23. Searching mechanisms

1. An Internet spider is a program designed to "crawl" over the World Wide Web, the portion of the Internet most familiar to general users, and retrieve locations of Web pages. It is sometimes referred to as a webcrawler. Many search engines use webcrawlers to obtain links, which are filed away in an index. When a user asks for information on a particular subject, the search engine pulls up pages retrieved by the Internet spider. Without spiders, the vast richness of the Web would be all but inaccessible to most users, rather as the Library of Congress would be if the books were not organized.

Some search engines are human-based, meaning that they rely on humans to submit links and other information, which the search engine categorizes, catalogues, and indexes. Most search engines today use a combination of human and crawler input. Crawler-based engines send out spiders, which are actually computer programs that have sometimes been likened to viruses because of their ability to move between, and insert themselves into, other areas in cyberspace.

Spiders visit Web sites, record the information there, read the meta tags that identify a site according to subjects, and follow the site's links to other pages. Because of the many links between pages, a spider can start at almost any point on the Web and keep moving. Eventually it returns the data gathered on its journey to the search engine's central depository of information, where it is organized and stored. Periodically the crawler will revisit the sites to check for changed information, but until it does so, the material in the search engine's index remains the same. It is for this reason that a search at any time may yield "dead" Web pages, or ones that can no longer be found.

No two search engines are exactly the same, the reason being (among other things) a difference in the choice of algorithm by which the indices are searched. Algorithms can be adjusted to scan for the frequency of certain keywords, and even to circumvent attempts at keyword stuffing or "spamdexing," the insertion of irrelevant search terms intended simply to draw traffic to a site.

2. Meta-Search Engine - acts like an aggregator that receives your input (search requests), forwards the request to several other search engines and/or databases, and aggregates the results into a single list or displays them according to their source. Metasearch engines enable users to enter search criteria once and access several search engines simultaneously. Metasearch engines operate on the premise that the Web is too large for any one search engine to index it all and that more comprehensive search results can be obtained by combining the results from several search engines. This also may save the user from having to use multiple search engines separately.

3. I know this from my personal experience in SEO (without paying anyone to list in the top spots).

I tried "Little Scientist" or "BOYTOYS"; my listings are at the top.

Metatag keywords - by creating lots of relevant keywords within the tags.
Use lots of text in the content body, sometimes links to outside websites, and also have external websites (e.g. blogs, forums, other community sites such as LinkedIn, YouTube, Wikipedia) link back. I have also tried building Google- and SEO-friendly CMS sites with Drupal, which is extremely friendly to search engines, and having them linked to the sites.

In the past, both Yahoo and Google allowed a customer to enter the URL to get it listed.
The name of the page is also important; avoid using redirect clauses as spiders do not like them.



Exercise 22. CRM and SCM

CRM (customer relationship management): The sales and marketing function is responsible for selling the organization’s products or services. It helps to identify the customers for the firm’s products or services, determining what customers need or want, planning and developing products and services to meet their needs, and advertising and promoting these products and services. It is also concerned with contacting customers, selling the products and services, taking orders and following up on sales. Many companies are turning to deploying CRM systems to maximize the benefits of their customer assets and capitalize on the relationship with end consumers. A CRM strategy will entail some form of loyalty management system which allows consumers to enter data from various touch points (websites, SMS, retail POS); the data is then consolidated, analyzed and processed into the business intelligence required by business managers.

SCM (supply chain management) is the process of planning, implementing and controlling the operations of the supply chain with the purpose to satisfy customer requirements as efficiently as possible.

e-SCM is the application of information and communication technologies to form a seamless path for the smooth delivery of goods and products from suppliers, manufacturers, distributors and retailers into the hands of customers.




Saturday, May 16, 2009

Exercise 20. Modeling the UML and the 9 diagram types

Unified Modeling Language - is a standardized general-purpose modeling language in the field of software engineering. UML includes a set of graphical notation techniques to create abstract models of specific systems. Class diagrams are the backbone of almost every object oriented method, including UML. They describe the static structure of a system.

Use Case Diagram displays the relationship among actors and use cases.

Class Diagram models class structure and contents using design elements such as classes, packages and objects. It also displays relationships such as containment, inheritance, associations and others.

Interaction Diagrams

Sequence Diagram displays the time sequence of the objects participating in the interaction. This consists of the vertical dimension (time) and horizontal dimension (different objects).

Collaboration Diagram displays an interaction organized around the objects and their links to one another. Numbers are used to show the sequence of messages.

State Diagram displays the sequences of states that an object of an interaction goes through during its life in response to received stimuli, together with its responses and actions.

Activity Diagram displays a special state diagram where most of the states are action states and most of the transitions are triggered by completion of the actions in the source states. This diagram focuses on flows driven by internal processing.

Component Diagram displays the high level packaged structure of the code itself. Dependencies among components are shown, including source code components, binary code components, and executable components. Some components exist at compile time, at link time, at run time, as well as at more than one time.

Deployment Diagram displays the configuration of run-time processing elements and the software components, processes, and objects that live on them. Software component instances represent run-time manifestations of code units.

Exercise 19. TP monitors and transaction protocols

1. TP stands for transaction processing and in TP, ACID refers to Atomicity, Consistency, Isolation, Durability where

Atomicity refers to the ability of the DBMS to guarantee that either all of the tasks of a transaction are performed or none of them are. For example, the transfer of funds from one account to another can be completed or it can fail for a multitude of reasons, but atomicity guarantees that one account won't be debited if the other is not credited.

Atomicity states that database modifications must follow an “all or nothing” rule. Each transaction is said to be “atomic.” If one part of the transaction fails, the entire transaction fails. It is critical that the database management system maintain the atomic nature of transactions in spite of any DBMS, operating system or hardware failure.

The Consistency property ensures that the database remains in a consistent state before the start of the transaction and after the transaction is over (whether successful or not).

Consistency states that only valid data will be written to the database. If, for some reason, a transaction is executed that violates the database’s consistency rules, the entire transaction will be rolled back and the database will be restored to a state consistent with those rules. On the other hand, if a transaction successfully executes, it will take the database from one state that is

Isolation refers to the requirement that other operations cannot access or see the data in an intermediate state during a transaction. This constraint is required to maintain the performance as well as the consistency between transactions in a DBMS.

Durability refers to the guarantee that once the user has been notified of success, the transaction will persist, and not be undone. This means it will survive system failure, and that the database system has checked the integrity constraints and won't need to abort the transaction. Many databases implement durability by writing all transactions into a transaction log that can be played back to recreate the system state right before a failure. A transaction can only be deemed committed after it is safely in the log.

2. TP monitor is a control program that manages the transfer of data between multiple local and remote terminals and the application programs that serve them. It may also include programs that format the terminal screens and validate the data entered.

In a distributed client/server environment, a TP monitor provides integrity by ensuring that transactions do not get lost or damaged. It may be placed in a separate machine and used to balance the load between clients and various application servers and database servers. It is also used to create a high availability system by switching a failed transaction to another machine, thus preventing any database or machine from being overwhelmed.

3. Load balancing - MOM (Message Oriented Middleware) supports asynchronous communication, whereas RPC (Remote Procedure Call) is a synchronous communication where the calling application must stop processing, or is blocked from proceeding, until it receives the response from the remote procedure. In this scenario, TP monitoring has a greater performance advantage in load balancing over both RPC and MOM. TP monitoring would implement the following in load balancing: a queued input buffer to protect against peaks in the workload; priority scheduling to prioritize messages; server threads to save the overhead of heavyweight processes; and making sure that no process is overloaded.


4. With a one-phase atomic commit protocol, a server could make a decision by itself to abort a transaction. As a result, the consistency of the transaction would be affected.

With a two-phase commit protocol, the coordinator coordinates and consolidates the decisions of all the servers and clients involved into a single decision on whether to abort or commit a transaction, which ensures the consistency of the transaction.

The two-phase commit protocol provides the following advantages over the one-phase atomic commit protocol. Automatic recovery mechanism: the transaction will be recovered if a system or media failure occurs while the transaction is executing. Synchronization among all participating databases: all database servers will receive the same action, either commit or rollback.
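The difference between the two protocols can be seen by running the same funds transfer through both. The following is an added example, not code from the course or the original post; the `Participant` class and both commit functions are hypothetical and keep state in memory only.

```python
from enum import Enum


class Vote(Enum):
    COMMIT = "commit"
    ABORT = "abort"


class Participant:
    """Hypothetical database server taking part in a distributed transaction."""

    def __init__(self, name, balance, fail_prepare=False):
        self.name = name
        self.balance = balance            # committed state
        self.pending = None               # change staged during phase 1
        self.fail_prepare = fail_prepare  # simulates a server that cannot commit
        self.log = []

    def prepare(self, delta):
        # Phase 1: validate and stage the change, then vote.
        if self.fail_prepare or self.balance + delta < 0:
            self.log.append("vote-abort")
            return Vote.ABORT
        self.pending = delta
        self.log.append("vote-commit")
        return Vote.COMMIT

    def commit(self):
        # Phase 2 (commit): make the staged change permanent.
        if self.pending is not None:
            self.balance += self.pending
        self.pending = None
        self.log.append("committed")

    def rollback(self):
        # Phase 2 (abort): discard the staged change.
        self.pending = None
        self.log.append("rolled-back")


def two_phase_commit(changes):
    """changes: list of (participant, delta). Returns True if committed."""
    # Phase 1: the coordinator collects a vote from every participant.
    votes = [p.prepare(delta) for p, delta in changes]
    decision = all(v is Vote.COMMIT for v in votes)
    # Phase 2: every participant receives the same action.
    for p, _ in changes:
        if decision:
            p.commit()
        else:
            p.rollback()
    return decision


def one_phase_commit(changes):
    """Contrast case: each server decides alone, so results can diverge."""
    for p, delta in changes:
        if p.prepare(delta) is Vote.COMMIT:
            p.commit()
        else:
            p.rollback()
    return [p.balance for p, _ in changes]


if __name__ == "__main__":
    a, b = Participant("A", 500), Participant("B", 50, fail_prepare=True)
    print("2PC committed:", two_phase_commit([(a, -100), (b, 100)]),
          "balances:", a.balance, b.balance)
    a, b = Participant("A", 500), Participant("B", 50, fail_prepare=True)
    print("1PC balances:", one_phase_commit([(a, -100), (b, 100)]))
```

With server B unable to commit, the two-phase run leaves both balances untouched, while the one-phase run debits A without crediting B.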

Exercise 18. Threading demonstration

Threaddemo.py script - demo

Exercise 17. Concurrency terms

1. Thread Synchronisation - Thread synchronization requires that a running thread gain a "lock" on an object before it can access it. The thread will wait in line for another thread that is using the method/data member to be done with it. This is very important to prevent the corruption of program data if multiple threads will be accessing the same data. If two threads try to change a variable or execute the same method at the same time, this can cause serious and difficult-to-find problems. Thread synchronization helps prevent this.

2. Locks - In computer science, a lock is a synchronization mechanism for enforcing limits on access to a resource in an environment where there are many threads of execution. Locks are one way of enforcing concurrency control policies.

3. Deadlock -
Deadlock most often occurs when two (or more) threads are each waiting for the other(s) to do something.

4. Semaphores - a semaphore is a protected variable or abstract data type which constitutes the classic method for restricting access to shared resources such as shared memory in a multiprogramming environment. A counting semaphore is a counter for a set of available resources, rather than a locked/unlocked flag of a single resource.


5. Mutex (mutual exclusion) - Mutual exclusion (often abbreviated to mutex) algorithms are used in concurrent programming to avoid the simultaneous use of a common resource, such as a global variable, by pieces of computer code called critical sections.

Examples of such resources are fine-grained flags, counters or queues, used to communicate between code that runs concurrently, such as an application and its interrupt handlers. The problem is acute because a thread can be stopped or started at any time.

6. Thread - a thread of execution results from a fork of a computer program into two or more concurrently running tasks. The implementation of threads and processes differs from one operating system to another, but in most cases, a thread is contained inside a process. Multiple threads can exist within the same process and share resources such as memory, while different processes do not share these resources.

7. Event - event-driven programming or event-based programming is a programming paradigm in which the flow of the program is determined by events — i.e., sensor outputs or user actions (mouse clicks, key presses) or messages from other programs or threads.

Event-driven programming can also be defined as an application architecture technique in which the application has a main loop which is clearly divided down to two sections: the first is event selection (or event detection), and the second is event handling. In embedded systems the same may be achieved using interrupts instead of a constantly running main loop; in that case the former portion of the architecture resides completely in hardware.


8. Waitable Timer - A waitable timer object is a synchronization object whose state is set to signaled when the specified due time arrives. There are two types of waitable timers that can be created: manual-reset and synchronization. A timer of either type can also be a periodic timer.
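The lock, deadlock and semaphore terms above fit together in one small program. This is an added example, not the Threaddemo.py script from the course; the `Account` class and function names are hypothetical. Each account has its own lock, opposite transfers would deadlock if each thread took "its" lock first, and acquiring the locks in one fixed order removes that possibility.

```python
import threading


class Account:
    """Hypothetical shared resource protected by its own lock (mutex)."""

    def __init__(self, ident, balance):
        self.ident = ident
        self.balance = balance
        self.lock = threading.Lock()


def transfer(src, dst, amount):
    # Deadlock arises when thread 1 holds src.lock and waits for dst.lock
    # while thread 2 holds dst.lock and waits for src.lock. Taking the two
    # locks in one global order (lowest ident first) makes that impossible.
    first, second = sorted((src, dst), key=lambda acct: acct.ident)
    with first.lock:
        with second.lock:
            # Critical section: both balances change together or not at all.
            src.balance -= amount
            dst.balance += amount


def run_transfers(rounds=500, workers=3):
    """Run opposing transfers concurrently; return (finished, bal_a, bal_b)."""
    a, b = Account(1, 1000), Account(2, 1000)
    # Counting semaphore: at most two transfers may be in flight at once.
    gate = threading.Semaphore(2)

    def worker(src, dst):
        for _ in range(rounds):
            with gate:
                transfer(src, dst, 1)

    threads = []
    for i in range(workers):
        # Even-numbered workers move a -> b, odd-numbered workers move b -> a.
        src, dst = (a, b) if i % 2 == 0 else (b, a)
        threads.append(threading.Thread(target=worker, args=(src, dst),
                                        daemon=True))
    for t in threads:
        t.start()
    for t in threads:
        # A timeout turns a would-be deadlock into a visible failure.
        t.join(timeout=30)
    finished = not any(t.is_alive() for t in threads)
    return finished, a.balance, b.balance


if __name__ == "__main__":
    print(run_transfers())
```

With three workers (two moving a to b, one moving b to a) the end balances are fully determined, so any lost update or hang shows up as a wrong total or an unfinished thread.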

Sunday, May 10, 2009

Exercise 16. Authentication and Encryption systems

1. I went to the ebay.com.hk website. They of course accepted PAYPAL, which is their own payment solution provider and started with the concept of using an email address as the single "Authentication" tool to verify the customer's input of data. The data collected is checked against any credit bureau for accuracy and credit history.

http://www.ebay.com.hk
http://www.paypal.com

How to use PAYPAL? They have a guideline to help their auction site users to use PAYPAL.
Click this: http://pages.ebay.com.hk/paypal/buyer.html

Yes. I do trust ebay and paypal. They are trusted merchants and websites.

2. For any merchant to receive trust, they can either use their main brand, lend a hand from their official corporation status, or have their website and organisation tested/endorsed by the BBB (Better Business Bureau) or similar organisations.

For websites, a merchant should always use their own digital certificates (verified by a Certificate Authority - CA) beforehand, hence building that TRUSTED relationship.

Consumers of websites, if in doubt, can check the issuer of the digital certificates about their details.

3. Verisign has been a certificate authority providing 3rd party services to organisations and websites in the digital certificates business.

4. TRUSTe offers privacy and trust endorsement services for organisations, businesses and websites. According to Consumer Privacy Guide (2009), TRUSTe developed the first online privacy seal program, which has grown from over 500 licensed websites in 1999 to more than 1200 sites in a variety of industries in 2000 and over 2000 in 2001, including 50 of the top 100 most heavily trafficked Web sites. The TRUSTe privacy seal programs allows consumers to have assurance that the websites they are using are compliant with fair information practices approved by the U.S. Department of Commerce, Federal Trade Commission and prominent industry-represented organizations and associations.

5. PGP encryption is often used in mail and/or point to point. You will need a public key, a private key and the software to encrypt and decrypt.




6. Physical keys (e.g. HSBC SD Key), thumbprints or other biometric measures, and retina laser scanning are all new technologies available for authenticating identities.



Reference:

1. Consumer Privacy Guide (2009) What is TRUSTe and how does it work to protect my privacy? Retrieved on May 10, 2009 at http://www.consumerprivacyguide.org/faq/truste.shtml

Exercise 15. Protecting and Archiving Data



1. A firewall is always necessary to guard a network (either at home or at the office) against any possible attack (whether intended or unintended). A firewall can be a physical hardware solution or can also be implemented as a software solution. Firewalls prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. All messages entering or leaving the intranet (i.e., the local network to which you are connected) must pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria (Indiana University, 2009).

XNET Solutions - offers a hardware firewall. Details at http://www.xnet.com.pk/
Checkpoint - offers what they call an appliance-based (which I understood as hardware) firewall. Details at http://www.checkpoint.com/index.html. On further checking, Checkpoint's solution contains both hardware and software.
Norman Software - offers software firewall solution. Details at http://www.norman.com/


2. Backup Policy

Charles Sturt University (CSU) has the following documents in their website.
www.csu.edu.au/division/dit/about/Dit_policies/DIT-Policy-for-Information-Retention-and-Archiving.doc

The system operation team has strict guideline to backup procedures which will be followed strictly.

3. Using just the simple keywords "How to write a virus" at Google, it returns 19100000 hits, and high on the list are even YouTube videos to teach someone who may be interested in doing so.




Reference:

1. Indiana University (2009). What is Firewall ?
Retrieved on May 10, 2009 at http://kb.iu.edu/data/aoru.html

Exercise 14. Electronic Payments and security 2

1. A cookie is the digital information that a Web site puts on your local computer's hard disk so that it can remember something about you at a later time. A cookie is a two-edged sword: it allows a frequently visited website to provide you with the same level of service and a highly customisable service level, but at the same time it may leave room for a security breach.

2. Cookies can be a security risk because they leave a trace of the details of previous internet transactions and could be cookie-jacked by intruders. McWilliams (2002) has suggested that regular Hotmail visits are already very risky, as the cookies used by Hotmail kept sensitive data including passwords.
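A site owner can check for both risks described above (cookies that are easy to steal and cookies that carry sensitive data) by auditing the `Set-Cookie` headers their server sends. This is an added example, not part of the original post; the two headers are constructed samples, the finding codes are hypothetical names, and the `Secure`, `HttpOnly` and `SameSite` attributes are the ones current browsers support.

```python
import re
from urllib.parse import unquote

# Names or values that suggest credentials are stored in the cookie itself.
SENSITIVE = re.compile(r"pass(word|wd)?|pwd|secret", re.IGNORECASE)


def parse_set_cookie(header):
    """Split a Set-Cookie header value into (name, value, attributes)."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def audit_cookie(header):
    """Return a list of finding codes for one Set-Cookie header."""
    name, value, attrs = parse_set_cookie(header)
    findings = []
    if "secure" not in attrs:
        findings.append("no-secure")        # sent over plain HTTP too
    if "httponly" not in attrs:
        findings.append("no-httponly")      # readable by page scripts
    if "samesite" not in attrs:
        findings.append("no-samesite")      # sent on cross-site requests
    if "expires" in attrs or "max-age" in attrs:
        findings.append("persistent")       # written to the user's disk
    # Check the decoded value, since credentials are often URL-encoded.
    if SENSITIVE.search(name) or SENSITIVE.search(unquote(value)):
        findings.append("credential-in-cookie")
    return findings


# Constructed sample headers (not captured from any real site).
WEAK = ("login=user%3Dalice%26password%3Dhunter2; Path=/; "
        "Expires=Wed, 09 Jun 2010 10:18:14 GMT")
HARDENED = "session=3f9c1e7a0b2d4c68; Path=/; Secure; HttpOnly; SameSite=Lax"

if __name__ == "__main__":
    for header in (WEAK, HARDENED):
        print(parse_set_cookie(header)[0], audit_cookie(header))
```

The hardened form stores only an opaque session identifier, so a stolen cookie exposes one session rather than the password.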

Reference:

1. McWilliams. B (2002) Hotmail at risk to cookies thieves. Retrieved on 10 May 2009 at http://www.wired.com/science/discoveries/news/2002/04/52115

Exercise 13. Electronic Payments and Security 1

1. I have used many secure websites since 1996. I remember when the earlier versions of IE browsers were always playing catch-up with the new encryption keys used by the respective websites. We always needed to ensure we had the latest browsers or upgrade. Other than this, everything else is transparent to most users except for the obvious little PADLOCK shown on the bottom bar or the browser's URL bar. I haven't purchased much recently. I did enrol in HKUSPACE courses and also applied to a few local institutions for another postgraduate study. They all collect application fees by electronic payment and indeed they all use SSL with their payment gateway.

Recently, I have been using the following TALENT PORTAL from Hong Kong Science Park,
https://talent.hkstp.org, very often to post some vacancies we had.
For fellow students, jobseekers and friends, if you need to find a job, please feel free to use this.

We are seeking a Project Manager!!

2. What is SET?

Not many institutions have implemented SET. I remember at one stage I had printed out the specification of SET v1.0 to really read through it. They had a merchant implementation guideline and also generic help files. SSL is like our plain old telephone. Its encryption method is widely adopted. SSL is Secure Sockets Layer, which provides END TO END encryption once a session is initiated.

Many websites that use SSL will have https:// as their URL.

Exercise 12. Designing a secure framework

1. SET was a standard originally designed and advocated by VISA. I first got to learn about this Secure Electronic Transaction (hence SET) protocol in 1995 when developing mobile applications. At the same time, Digital Certifications - CA - and other trust issues were prevalent and hotly contested. Even my humble self got involved and learned all about CA and digital trust and relationships. SET Version 1.0 was finalised in 1997 (Clark, 1999) and didn't make much impact on the industry; attempts were made to test and pilot it in the banking community.

In the SET protocol, two different encryption algorithms are used – DES and RSA. The DES algorithm has been used since the 1970’s (Schneier, 1996), and that they were responsible for reducing its key size from the original 128-bits to 56.

RSA 128 bit encryption is a form of asymmetric system. According to the explanation in Wikipedia, with a key of length 128 bits, there are 2^128 possible keys. The large number of operations (2^128) required to try all possible 128-bit keys is considered extremely hard to achieve with the digital computing power of today. Some cryptography specialists claimed they have broken a higher number of keys (TheRegister.co.uk, 2008).

2. Intrusion detection system is commonly known as IDS. Internet Security Systems (2009) defined that when an IDS looks for these patterns in network traffic, it’s network-based. When an IDS looks for attack signatures in log files, it’s host-based. In either case, IDS of both types look for attack signatures, specific patterns that usually indicate malicious or suspicious intent.

The typical NIDS scenario where an attempt has been made to funnel the traffic through the NIDS device on the network. It does not take a genius to see that if you had to isolate a single machine and take the machine away from the network like is done by many business people when in transit that NIDS would be very flawed. The Red device represents where the NIDS has been installed.


Host based IDS are a more comprehensive solution and display great strengths in all network environments. It does not matter where the machines are; even if they are away from the network they will be protected at all times. The Orange machines represent where the HIDS is installed.
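What "looking for attack signatures in log files" means in practice can be shown with a few lines of SSH and sudo log output. This is an added example, not code from any IDS product named in the post; the log lines are constructed samples using documentation IP ranges, and the rule names and threshold are assumptions.

```python
import re
from collections import Counter

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
# Signatures: specific patterns that usually indicate suspicious intent.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from " + IP)
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted (\S+) for (\S+) from " + IP)
SUDO_FAIL = re.compile(r"sudo: .*authentication failure")

# Constructed sample of a host's authentication log.
SAMPLE_LOG = [
    "May 10 03:12:01 web1 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 40122 ssh2",
    "May 10 03:12:03 web1 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 40124 ssh2",
    "May 10 03:12:05 web1 sshd[2213]: Failed password for root from 203.0.113.7 port 40130 ssh2",
    "May 10 03:12:09 web1 sshd[2215]: Accepted password for root from 203.0.113.7 port 40140 ssh2",
    "May 10 08:30:44 web1 sshd[3010]: Accepted publickey for daniel from 192.0.2.10 port 51515 ssh2",
    "May 10 08:31:02 web1 sudo: pam_unix(sudo:auth): authentication failure; logname=daniel uid=1000",
]


def scan(lines, threshold=3):
    """Return alerts as (line_number, rule, source_ip) tuples."""
    failures = Counter()   # failed logins seen so far, per source address
    alerts = []
    for number, line in enumerate(lines, 1):
        match = FAILED.search(line)
        if match:
            ip = match.group(2)
            failures[ip] += 1
            # Alert once, at the moment the threshold is reached.
            if failures[ip] == threshold:
                alerts.append((number, "ssh-bruteforce", ip))
            continue
        match = ACCEPTED.search(line)
        if match:
            ip = match.group(3)
            # A success from an address that was just guessing passwords
            # is the event an analyst most needs to see.
            if failures[ip] >= threshold:
                alerts.append((number, "login-after-bruteforce", ip))
            continue
        if SUDO_FAIL.search(line):
            alerts.append((number, "sudo-auth-failure", None))
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```

Because the check runs on the host's own log, it works wherever the machine is connected, which is the advantage over NIDS described above.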





3. "Phishing" is the term used to describe the illegal sending of an email to a user, falsely claiming to be an established legitimate enterprise, in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the user to visit a Web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has. The Web site, however, is bogus and set up only to steal the user’s information.

TD Canada Trust, a bank from Canada, had a few sagas of their customers randomly receiving "phishing" emails over the years and had issued clear statements and instructions to their customers on their website to educate customers how to detect "emails" that could be phishing emails. (TD Canada Trust Website, 2009)
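The tell-tale sign described above, an e-mail that points to a Web site other than the legitimate organisation's, can be checked mechanically by a mail filter. This is an added example, not guidance published by TD Canada Trust; the e-mail body is a constructed sample, the reason codes are hypothetical, and treating `td.com` (the domain in the reference below) as the only trusted domain is an assumption.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlparse


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Lower-cased host name of a URL or bare domain ('' if none)."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def check_links(html, trusted=("td.com",)):
    """Return [(href, [reason codes])] for links that look suspicious."""
    collector = LinkCollector()
    collector.feed(html)
    flagged = []
    for href, text in collector.links:
        host = host_of(href)
        reasons = []
        if is_ip(host):
            reasons.append("ip-literal-host")
        # The trusted name must be the END of the host, not merely appear in it.
        if not any(host == d or host.endswith("." + d) for d in trusted):
            reasons.append("untrusted-host")
        # Visible text that shows one site while the link opens another.
        shown = re.search(r"(?:https?://)?[\w-]+(?:\.[\w-]+)+\S*", text)
        if shown:
            shown_host = host_of(shown.group(0))
            if not (host == shown_host or host.endswith("." + shown_host)):
                reasons.append("text-href-mismatch")
        if urlparse(href).scheme != "https":
            reasons.append("not-https")
        if reasons:
            flagged.append((href, reasons))
    return flagged


# Constructed sample e-mail body.
SAMPLE_EMAIL = """
<p>Dear customer, please update your password and card number:</p>
<a href="http://203.0.113.25/td/login">https://www.td.com/security</a>
<a href="https://www.td.com/security/email.jsp">Email safety</a>
<a href="https://td.com.account-verify.example/login">Sign in</a>
"""

if __name__ == "__main__":
    for href, reasons in check_links(SAMPLE_EMAIL):
        print(href, reasons)
```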




Reference

1. Clark. T (1999), Visa, Mastercard try to revive SET. CNET news online.
Retrieved on May 10, 2009 at http://news.cnet.com/2100-1017-225723.html

2. Schneier, B. (1996) Applied Cryptography, John Wiley & Sons, Canada.

3. The Register.co.uk (2008) , RSA is dead. Discussion Thread at
Retrieved on May 9, 2009 at http://www.theregister.co.uk/2007/05/22/unreadable_writing_is_on_the_wall/comments/

4. TD Canada Trust Web site (2009) Email Safety.
Retrieved on May 10, 2009 at http://www.td.com/security/email.jsp