Thursday, May 27, 2010
Elevator pitch 2
Finally, we have finished assignment 2 for ITC382 - Business to Business, which is also the final assignment. After doing all of the exercises and workshops, we have, more or less, acquired knowledge of the E-System infrastructure and, in particular, of programming in Ruby.
Indeed, the Study Guide exercises helped us to gain knowledge in specific topics such as Internet Security, Concurrency and transactions, Designing distributed systems, Bots, agents, spiders and mobile computing, etc. Every topic gave us some new concepts, and we think they will be very important for us in the future when we work in the IT industry.
Secondly, we also learned about Ruby, especially Sinatra. After writing the guestbook application with Sinatra and a MongoHQ database, we feel that it is really interesting and effective. We think the Ruby language will become more and more popular in the future.
This is all that we learned in this subject; hopefully, you will find it useful and it will give you a short picture of e-systems.
Thank you
Elevator Pitch 2 Recording - Download
Step 8 - Question
a. What is MongoDB? How does it relate to MongoHQ?
According to Mongodb.org (2010), MongoDB (from “humongous”) is a scalable, high-performance, open source, document-oriented database written in the C++ programming language. Wikipedia (2010) explains that MongoDB is designed for problems without heavy transactional requirements that are not easily solved by traditional RDBMSs, including problems that require databases to span many servers. MongoDB is not a relational database management system. The database manages collections of JSON-like documents that are stored in a binary format referred to as BSON.
MongoDB relates to MongoHQ:
MongoHQ provides a hosting platform for MongoDB and also uses MongoDB as the back-end for its service.
References
Mongodb (2010). The Best Features of Document Databases Key-Value Stores, and RDBMSes. Retrieved from www.Mongodb.org
Wikipedia (2010). MongoDB. Retrieved from http://en.wikipedia.org/wiki/MongoDB
b. What is MongoMapper?
According to Github.com (2010), MongoMapper is a Ruby wrapper library which aims to make using MongoDB much easier and friendlier than the default Ruby driver provided by XGen. When it makes sense to do so, MongoMapper tries to stick closely to the familiar syntax of ActiveRecord.
Due to the way MongoDB stores data, MongoMapper has two key concepts: the Document and the EmbeddedDocument.
- The Document is essentially a record with fields.
- An Embedded Document is exactly like a Document, except that it is injected into a Document and still retains all of its information.
References
Github.com (2010). MongoMapper. Retrieved from http://wiki.github.com/jnunemaker/mongomapper/
c. What is the relation between MongoDB and MySQL?
The table below is a quick comparison between MongoDB and MySQL (mongodb.org, 2010).

| | MongoDB | MySQL |
|---|---|---|
| Data Model | Document-Oriented (BSON) | Relational |
| Data Types | string, int, double, boolean, date, bytearray, object, array, others | Link |
| Large Objects (File) | Yes (GridFS) | Blobs? |
| Replication | Master-slave | Master-slave |
| Object (row) Storage | Collection based | Table based |
| Query Method | Dynamic; object-based query language | Dynamic; SQL |
| Secondary Indexes | Yes | Yes |
| Atomicity | Single document | Yes-advanced |
| Interface | Native drivers | Native drivers |
| Server-side batch data manipulation | Map/Reduce, server-side javascript | Yes (SQL) |
| Written in | C++ | C |
| Concurrency Control | Update in Place | |

Reference
Mongodb.org (2010). MongoDB, CouchDB, MySQL Compare Grid. Retrieved from http://www.mongodb.org/display/DOCS/MongoDB,+CouchDB,+MySQL+Compare+Grid
Step 7 - Deploy to Heroku
Exercise 15: M-commerce: Innovation and mobile devices
1. What is meant by a location based service? Explain using the Web applications found on a late model mobile device?
As Wikipedia (2010) defined, a location-based service (LBS) is an information and entertainment service, accessible with mobile devices through the mobile network and utilizing the ability to make use of the geographical position of the mobile device.
LBS can be used in different fields, such as health, work and personal life. LBS also includes services to locate a person or object, or even to track a parcel or vehicle. Mobile commerce can be included in LBS when it takes the form of coupons or advertising directed at customers based on their current location. LBS can also be used for weather forecasts and location-based games.
These are some of the LBS services used by web applications on mobile devices:
- Locating the nearest business or facility, like an ATM, park, hospital, restaurant, etc.
- Navigation services like GPS
- Receiving alerts like an SMS notification
- Location-based mobile advertising
- Tracking resources like taxi booking, hotel, rental
- Business directory, weather, traffic service
References
Wikipedia (2010). Location based service. Retrieved from http://en.wikipedia.org/wiki/Location-based_service
2. Describe the purpose of the Open Mobile
Wikipedia (2010) briefly describes the Open Mobile Alliance Initiative (OMA) as a standards body which develops open standards for the mobile phone industry.
The OMA is established to grow the market for the entire mobile industry by removing the
Also, according to PaloWireless (n.d.), the OMA encourages competition through innovation and differentiation, while ensuring the interoperability of mobile services through the entire value chain. It will include all elements of the wireless value chain and contribute to the timely and efficient introduction of services and applications to the market by creating a standards organization.
References
PaloWireless (n.d). The Open Mobile
Wikipedia (2010). Open Mobile
3. What are the main components of a mobile Web services framework?
ESA (2004) presents the main components of a mobile Web services framework:
Mobile Server
The Mobile Server is a mobile remote computer, linked to the Internet via an Inmarsat Regional Broadband Global Area Network (RBGAN) User Terminal (UT). The mobile web services are active on this server. The Mobile Server can be used as a server or as a client PC, and it only accepts requests from the Gatekeeper.
Gatekeeper
The Gatekeeper is placed on the terrestrial Internet, and acts as the sole gateway to the Mobile Server. It is used to perform authentication and authorization of requests before sending them to the Mobile Server. Moreover, the Gatekeeper stores buffered data, which enables more economic usage of the satellite link.
RBGAN UT / Thuraya Satellite/ RBGAN SAS
The physical connection between the remote web server and the Gatekeeper is established using a Satellite Access Station, a Telecommunications Satellite and a satellite modem.
GPS / Data Acquisition system / Web cam
The mobile Server is connected to a set of peripherals, such as a GPS device, a web cam or a Data Acquisition system. From these devices, data is collected by the web service.
Application server / Client PC
The Gatekeeper handles requests from clients over the Internet. A client can be a PC with a web browser, or another application using an HTTP Simple Object Access Protocol (SOAP) request.
References
ESA (2004). Mobile Web Services Framework Features. Retrieved from http://telecom.esa.int/telecom/www/object/index.cfm?fobjectid=12854
4. Visit an Airline Web site and search information on WAP or SMS or 3G mobile application access to booking airline services. The same services exist in banking. How do both industries compare?
I have visited the Jetstar website and accessed the SMS booking section. This facility allows people to make bookings with the airline 24 hours a day by SMS or a mobile phone. The advantages of this JetSMS technology, which supports users in either booking a flight or enquiring about a low fare at any time or place with mobile coverage, are immense (zdnet, 2004).
The SMS service provided by banks is used for many purposes, and enhancing security is one of them. For example, I browsed the NetBank service of Commonwealth Bank and transferred money. As I transferred money to a new account, a security code was sent to my mobile via SMS to ensure that I am the account holder.
The banking service differs from airline booking in that it requires a more secure service and users who follow the regulations properly.
Reference
Exercise 14: Searching mechanisms, Virtual worlds and Cyberagents
1. What is a spider? What does it do?
According to TechTarget (2005), a spider is a program that visits Websites and reads their pages in order to create entries for a search engine index. Typically, spiders are programmed to visit sites that have been submitted by their owners as new or updated. Entire sites or specific pages can be selectively visited and indexed. Spiders can visit many sites simultaneously, and they can span a large part of the “web” in several ways. One way is to follow all the hypertext links in each page until all the pages have been read. Besides that, a spider can be used to gather information from any site and is especially useful for automating tasks such as maintaining links or validating HTML code.
Reference
TechTarget (2005). Spider. Retrieved from http://whatis.techtarget.com/definition/0,,sid9_gci213035,00.html
2. Differentiate the various types of software agents.
In computer science, a software agent is a piece of software that acts for a user or other program in a relationship of agency (Wikipedia, 2010).
According to Peterindian.net (n.d.), there are many types of software agents, and each type has a different function. Some examples are listed below:
- Cooperative agents communicate with other agents and act according to the result of that communication.
- Proactive agents initiate action without user prompting.
- Adaptive agents learn from past experience and change to suit the given situation.
- Personal agents are proactive and serve individual users.
- Collaborative agents are proactive and cooperate with other agents.
References
PeterIndian.net (n.d). Intelligent Software Agents – An Overview. Retrieved from http://www.peterindia.net/SoftwareAgentsView.html
Wikipedia (2010). Software Agent. Retrieved from http://en.wikipedia.org/wiki/Software_agent
3. Identify various activities in e-commerce where software agents are currently in use.
Umn (1999) identifies many activities in e-commerce in which software agents are being used:
- Procurement: obtaining materials, services, managing inflow into the organization towards the end user
- Brokering Service: finding information about products, sellers, and prices, providing protection for privacy, validating purchasers’ credit, billing and accounting, etc.
- Digital Libraries and Recommending Services: retrieving information from distributed sources, filtering information on contents, collaborative filtering
- Notification Services: notifying of new books or CDs, notifying when specific products are available at a specific price.
References
Umn (1999). Agents and other ‘Intelligent Software’ for e-Commerce. Retrieved from http://www-users.cs.umn.edu/~gini/csom.html
4. Computing ethics and bot programming case study: rocky
a. Get an account username and password from the lecturer to LC_MOO at http://ispg.csu.edu.au:7680 and log in to the Welcome Lobby
After I logged in with the username: train3 and password: train 3, this popup window was displayed.
b. Hold a 5-minute discussion with Rocky on a special topic. Commands and chat are entered in the command box: act rocky (start bot) hush rocky (stop bot)
c. Rocky is an ELIZA-like bot. Report your findings
Rocky can give a corresponding action by following a pre-defined instruction. It is pretty interesting, but the answer sometimes does not match my question. However, we can create an instruction with an LC-MOO command to make it more exciting.
Tuesday, May 25, 2010
Exercise 13: Shopping cart specifications
Exercise 12: Modelling with UML or MVC?
Model-View-Controller (MVC), an architectural pattern that is used for separating an application into multiple parts, is probably one of the most mentioned patterns in web application development in recent years (Pastor, 2010).
In MVC, an application is divided into three different parts based on the responsibilities of each part. The model handles data and business logic. The controller is responsible for handling the user's requests, calling the appropriate resources (objects) to fulfil these requests and then forwarding the results to the view. The view acts as a user interface in which users can enter requests and receive results from the controller. The view can present data to users in any supported format or layout (Pastor, 2010). The main advantage of the MVC approach is the separation between application logic and the user interface (presentation).
In the use case diagram above, use case 100 (make connection) is the controller. This controller handles any user requests, then calls the appropriate functions (also called use cases) in the model, such as lookup books (104) and Add to Shopping Cart (105). After processing the database, the model returns the data it found to the controller, and the controller then selects the appropriate view to present the results to the user.
Note: the View and the Model are not shown in this UseCase Diagram.
Reference
Pastor, P. (2010). MVC for Noobs. Viewed 14 May 2010 from http://net.tutsplus.com/tutorials/other/mvc-for-noobs/
Exercise 11: TP monitors and transaction protocols
A transaction is a set of operations which are executed sequentially in order to transform data from one consistent state to another. The four important properties of a transaction are atomicity, consistency, isolation and durability.
Atomicity is a transaction property which guarantees that both the transaction itself and all its operations are atomic. This means that all operations which are part of the transaction must either be completely carried out or not carried out at all. So if one operation fails, the whole transaction fails.
Consistency ensures that data is always in a consistent state. For example, in a money transfer transaction between two parties A and B, if money is transferred from account A to account B, the transaction must subtract the same amount from account A that is added to account B.
Isolation means that although transactions can be executed concurrently, a transaction is not interfered with by other transactions, and the transactions appear to run serially.
Durability means that the results of a successful transaction are stored in permanent storage so that the results cannot be affected by subsequent failures (e.g. power cut, network disconnects).
2. Describe a TP monitor environment. How can a TP monitor stop an operating system being overwhelmed?
Ince (2004) defined that "a Transaction Processing (TP) monitor is a complex computer program which manages the execution of a transaction starting with the client executing the transaction; it will normally employ a number of servers and then return any results to the client". The two important jobs of a TP monitor are: first, it manages the execution of the threads and processes of the transaction, and second, it ensures that the ACID properties of the transaction are enforced.
There are a number of functions which can be carried out by TP monitors. For example, the CICS monitor from IBM can initialize, schedule and destroy threads to control transactions, manage the resources that are being accessed, and enable services to be subcontracted to other servers for better transaction processing ("Transaction Processing Monitors", 2004).
A large number of concurrent clients would overwhelm an operating system and bring a server down. A TP monitor maintains a pool of processes and queues transactions so that they take turns using the pool. If the system is running a lot of small jobs that require few resources, a TP monitor can add processes; but if the system is running a big job that requires more resources, a TP monitor shuts down some processes in order to free the resources (Jianghui, 2005). Hence, a TP monitor balances the system resources and, at the same time, prevents the OS from being overwhelmed.
References
Jianghui, L.(2005). TP Monitors. Retrieved on 10 May 2009 from http://web.njit.edu/~gblank/cis604/Lectures/604TPMonitor.ppt
Ince, D. (2004). Developing distributed and e-commerce applications (2nd Ed.), Harlow, Essex, UK: Addison – Wesley
Transaction Processing Monitors.(2004). Viewed 12 May 2010 from http://publib.boulder.ibm.com/infocenter/txformp/v5r1/index.jsp?topic=/com.ibm.txseries510.doc/atshak0014.htm
Exercise 10: Concurrency and Threading demonstration in Python
a. Thread Synchronisation
Thread synchronization requires that a running thread gain a "lock" on an object before it can access it. The thread will wait in line for another thread that is using the method/data member to be done with it. This is very important to prevent the corruption of program data if multiple threads will be accessing the same data. If two threads try to change a variable or execute the same method at the same time, this can cause serious and difficult-to-find problems. Thread synchronization helps prevent this ("What is Thread Synchronisation?", n.d.).
b. Locks
A lock is a fundamental synchronization mechanism for enforcing limits on access to a resource in a shared environment where there are many threads of execution. Locks are one way of enforcing concurrency control policies (Lundh, 2007).
c. DeadLock
Dictionary Wikipedia (n.d.) defines: "deadlock refers to a specific condition when two or more processes are each waiting for each other to release a resource, or more than two processes are waiting for resources in a circular chain" ("DeadLock", 2010).
d. Semaphores
A semaphore is a data structure that is useful for solving a variety of synchronization problems. It is typically used to limit access to a resource with limited capacity. A semaphore has an internal counter rather than a lock flag, and it only blocks if more than a given number of threads have attempted to hold the semaphore. The counter is decremented when the semaphore is acquired and incremented when the semaphore is released. If the counter equals zero when the semaphore is acquired, the acquiring thread will be blocked (Downey, 2008).
e. Mutex (mutual exclusion)
According to Wikipedia (2010), Mutual Exclusion (often abbreviated to mutex) algorithms are used in concurrent programming to avoid the simultaneous use of a common resource, such as a global variable, by pieces of computer code called critical sections. A critical section is a piece of code in which a process or thread accesses a common resource. The critical section by itself is not a mechanism or algorithm for mutual exclusion. A program, process, or thread can have the critical section in it without any mechanism or algorithm which implements mutual exclusion ("Mutual Exclusion", 2010).
f. Thread
Ince (2004) defined “A thread is an execution of a chunk of code which can be carried out in parallel with the execution of other chunks of code”.
g. Event
An event, in a computing context, is any identifiable occurrence that has significance for system hardware or software. User-generated events include keystrokes and mouse clicks, among a wide variety of other possibilities. System-generated events include program loading and errors, also among a wide variety of other possibilities. An event typically represents some message, token, count, pattern, value, or marker that can be recognized within an ongoing stream of monitored inputs, such as network traffic, specific error conditions or signals, thresholds crossed, counts accumulated, and so on ("What Is an Event", 2007).
h. Waitable timer
According to msdn library (n.d.), a waitable timer object is a synchronization object whose state is set to signaled when the specified due time arrives. There are two types of waitable timers that can be created: manual-reset and synchronization. A timer of either type can also be a periodic timer.
2. A simple demonstration of the threading module in Python (threaddemo.py) that uses both a lock and semaphore to control concurrency is by Ted Herman at the University of Iowa. The code and sample output below are worth a look. Report your findings.
The program initializes 10 threads, each of which is given a random delay time, but only allows three of them to be running at a time. Only when one of these three jobs is completed is one of the waiting threads allowed to start. The program ends when all 10 threads are finished.
To limit the number of running threads to 3, the program uses the function "BoundedSemaphore([value])" of the "threading" module. This is a factory function that returns a new bounded semaphore object. A bounded semaphore checks to make sure its current value doesn't exceed its initial value. If it does, ValueError is raised. In most situations semaphores are used to guard resources with limited capacity. If the semaphore is released too many times it's a sign of a bug. If not given, value defaults to 1 ("Python Library Reference", 2008).
import threading
# create a semaphore bounded up to 3
sema = threading.BoundedSemaphore(value=3)
In addition, the program uses the function RLock() so that only one of the three threads updates the variable "running" at a time, using the "acquire() and release()" mechanism. RLock() is a factory function that returns a new reentrant lock object. A reentrant lock must be released by the thread that acquired it. Once a thread has acquired a reentrant lock, the same thread may acquire it again without blocking; the thread must release it once for each time it has acquired it. ("Python Library Reference", 2009)
# create a reentrant lock (RLock)
mutex = threading.RLock()
# shared counter of the threads currently running
running = 0
# hold the lock while updating the shared counter
mutex.acquire()
running = running + 1
mutex.release()
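The pattern described above, as an added example that is not Ted Herman's threaddemo.py: ten workers with random delays pass through a BoundedSemaphore of 3 while an RLock guards the shared counter, and two helpers show the ValueError on an extra release and the re-entrant acquire. The function names and the "peak" counter are assumptions made for this illustration.

```python
import random
import threading
import time

MAX_RUNNING = 3    # capacity guarded by the semaphore
NUM_THREADS = 10   # number of worker threads started


def run_demo(num_threads=NUM_THREADS, limit=MAX_RUNNING, seed=0):
    """Run the workers and return (finished, peak).

    finished: how many workers completed their job.
    peak:     the highest number of workers seen inside the guarded
              section at once; it can never exceed `limit`.
    """
    sema = threading.BoundedSemaphore(value=limit)
    mutex = threading.RLock()
    state = {"running": 0, "peak": 0, "finished": 0}

    rng = random.Random(seed)  # seeded so the delays are repeatable
    delays = [rng.uniform(0.01, 0.05) for _ in range(num_threads)]

    def worker(delay):
        # Blocks here while `limit` workers already hold the semaphore.
        with sema:
            # The counter is shared, so every update happens under the lock.
            with mutex:
                state["running"] += 1
                state["peak"] = max(state["peak"], state["running"])
            time.sleep(delay)  # the "job"
            with mutex:
                state["running"] -= 1
                state["finished"] += 1

    threads = [threading.Thread(target=worker, args=(d,)) for d in delays]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return state["finished"], state["peak"]


def over_release_detected(limit=MAX_RUNNING):
    """A bounded semaphore raises ValueError when released too often."""
    sema = threading.BoundedSemaphore(value=limit)
    sema.acquire()
    sema.release()
    try:
        sema.release()  # one release more than acquires: a bug
    except ValueError:
        return True
    return False


def reentrant_acquire_ok():
    """The thread that holds an RLock can acquire it again without blocking."""
    lock = threading.RLock()
    lock.acquire()
    got_again = lock.acquire(blocking=False)
    if got_again:
        lock.release()  # one release per acquire
    lock.release()
    return got_again


if __name__ == "__main__":
    finished, peak = run_demo()
    print("finished:", finished, "peak concurrency:", peak)
    print("extra release detected:", over_release_detected())
    print("re-entrant acquire succeeded:", reentrant_acquire_ok())
```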
References
Downey, A. B. (2008). The Little Book of Semaphores (2nd Ed.). Retrieved 13 May 2010 from http://www.greenteapress.com/semaphores/downey08semaphores.pdf
"DeadLock". (2010). Viewed 17 May 2010 from http://en.wikipedia.org/wiki/Deadlock
Lock (computer science). (n.d.). Viewed 13 May 2010 from http://en.wikipedia.org/wiki/Lock_%28computer_science%29
Lundh, F. (2007). Thread Synchronization Mechanisms in Python. Viewed 13 May 2010 from http://effbot.org/zone/thread-synchronization.htm
"Mutual Exclusion". (2010). Viewed 17 May 2010 from http://en.wikipedia.org/wiki/Mutual_exclusion
msdn Library (n.d.). Waitable Timer Object. Viewed 13 May 2010 from http://msdn.microsoft.com/en-us/library/ms687012(VS.85).aspx
"Python Library Reference". (2008). Viewed 05 May 2010 from http://www.python.org/doc/2.5.2/lib/module-threading.html
"What Is an Event". (2007). Viewed 12 May 2010 from http://searchsoa.techtarget.com/sDefinition/0,,sid26_gci1274431,00.html
"What is Thread Synchronisation?". (n.d.). Viewed 10 May 2010 from http://wiki.answers.com/Q/What_is_Thread_Synchronization
Exercise 9: Electronic payments and Security
Secure Electronic Transaction (SET) is a standard specification for the protection of credit card transactions in open networks (e.g. the Internet). It was started in 1996 by two big credit card providers, MasterCard and Visa, and other companies then joined in. It is not a payment method, but a set of protocols that allows users to employ the existing credit card payment infrastructure in a secure fashion (Stallings, 2002).
RSA is a public key cryptography system which was invented in 1977 by three MIT professors. It can be used for digital signing, signature verification ("RSA Algorithm", n.d.) and sending data over an insecure channel (Ince, 2004).
2. What can you find out about network and host-based intrusion detection systems?
Most intrusion detection systems (IDSs) are used to either detect or deflect attacks, and there are two approaches to developing IDSs. An IDS helps a system recognise that it is being attacked, based on attack signatures and specific patterns. While a network IDS looks for patterns in the network traffic to recognise attacks, a host-based IDS scans log files for attack signatures. Both of them have strengths and weaknesses, so it is better to use both of them in developing an effective IDS ("Network- vs. Host-based Intrusion Detection: A Guide to Intrusion Detection Technology", 1998).
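A minimal sketch of the host-based approach described above, added here as an illustration and not taken from the cited guide: it scans log lines for attack signatures and raises an alert when one source reaches a threshold. The sshd-style log lines are constructed for the example, and the signature names and the threshold of 3 are assumptions.

```python
import re
from collections import Counter

# Constructed sample log (sshd-style lines, documentation IP addresses).
SAMPLE_LOG = """\
May 10 10:01:02 web1 sshd[101]: Failed password for root from 192.0.2.10 port 4242 ssh2
May 10 10:01:04 web1 sshd[101]: Failed password for root from 192.0.2.10 port 4242 ssh2
May 10 10:01:05 web1 sshd[102]: Invalid user admin from 192.0.2.10 port 4243
May 10 10:01:07 web1 sshd[102]: Failed password for invalid user admin from 192.0.2.10 port 4243 ssh2
May 10 10:02:11 web1 sshd[103]: Failed password for alice from 198.51.100.7 port 5151 ssh2
May 10 10:02:15 web1 sshd[103]: Accepted password for alice from 198.51.100.7 port 5151 ssh2
May 10 10:03:01 web1 sshd[104]: Failed password for root from 192.0.2.10 port 4244 ssh2
"""

# Attack signatures: a name and the pattern that identifies it in a log line.
# Each pattern captures the source address so hits can be grouped per source.
SIGNATURES = {
    "failed_password": re.compile(
        r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)"
    ),
    "invalid_user": re.compile(
        r"Invalid user (?P<user>\S+) from (?P<src>\S+)"
    ),
}

# Assumed alert threshold: hits of one signature from one source.
THRESHOLD = 3


def scan(log_text, threshold=THRESHOLD):
    """Return sorted (signature, source, hits) alerts at or above threshold."""
    hits = Counter()
    for line in log_text.splitlines():
        for name, pattern in SIGNATURES.items():
            match = pattern.search(line)
            if match:
                hits[(name, match.group("src"))] += 1
    return sorted(
        (name, src, count)
        for (name, src), count in hits.items()
        if count >= threshold
    )


if __name__ == "__main__":
    for name, src, count in scan(SAMPLE_LOG):
        print("ALERT %s from %s: %d hits" % (name, src, count))
```

A single failed login followed by a success, as from 198.51.100.7 in the sample, stays below the threshold and produces no alert.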
3. What is 'phishing'?
Webopedia (2010) states that: "The act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the user to visit a Web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has. The Web site, however, is bogus and set up only to steal the user’s information".
4. What is SET and how does it compare to SSL as a platform for secure electronic transaction? Is SET in common use?
Ince (2004) said “SET is a protocol which is used for sending credit card information over the internet”. In one transaction there are three parties involved: the buyer, the seller and the bank. When a purchase is made, the buyer sends his credit card details, which are encrypted using the private key, to the seller. The seller’s server then attaches its digital signature and submits that bundle of data (the buyer's encrypted credit-card details and the seller’s digital signature) to the bank’s computer. This computer validates the credit card and sends receipts to both the buyer and the seller. Therefore the seller cannot access the buyer’s credit-card information, and the bank does not care what the customer bought. One major advantage of SET technology is that it eliminates large numbers of fraudulent transactions related to credit cards (Ince, 2004).
Secure Socket Layer (SSL), based on cryptography, is the most popular technology used in e-commerce security (Ince, 2004). SSL ensures that a trusted channel has been established before a transaction occurs between server and client. First, the SSL server allows the client to confirm the identity of the server by validating the server’s digital signature. Although client authentication is not in common use, the server can validate the client in a similar way to how the client validates the server. SSL uses different symmetric encryption techniques to exchange data between server and client (Ince, 2004).
Although SET is more secure for the customer than SSL because the merchant cannot access the customer’s credit card details, SSL is more popular because it is simpler. To make a purchase, only two parties are involved (buyer and seller), unlike SET, which requires three (buyer, seller and the bank).
5. What are cookies and how are they used to improve security? Can the use of cookies be a security risk?
A cookie, or browser cookie, is a text file stored by the client’s web browser. It is used for authentication, session tracking (state maintenance), storing site preferences, shopping cart contents, etc.
Data stored in the cookies is encrypted for information privacy and data security purposes ("HTTP cookie", 2010). When a client makes HTTP requests to a server, the cookies stored on the client are usually required to be sent with the HTTP request so that the server can determine whether this client is authenticated to access the server's resources.
Cookies are not executable files; therefore they cannot replicate themselves and are not considered viruses. However, cookies can be used as spyware because they can track people (anti-spyware alerts). Based on cookies, hackers can build a profile of a user’s preferences. This action violates the privacy of users ("HTTP cookie", 2010).
6. What makes a firewall a good security investment? Accessing the Internet, find two or three firewall vendors. Do they provide hardware, software or both?
A firewall is an extra layer of protection which surrounds a network or an application. A firewall can be a hardware device or a software application which is placed between your network and the Internet. It is able to filter both incoming and outgoing messages (Ince, 2004). Therefore, a firewall can prevent unauthorised users from accessing your private network.
Having your network protected by a firewall is a good security investment in order to protect your network from hackers or viruses.
A firewall vendor can provide both hardware and software firewalls (e.g. Cisco) or hardware firewalls only (e.g. Netgear). There are also plenty of vendors who provide firewall software only, such as SunSoft, Netguard...
7. What measures should e-commerce provide to create trust among their potential customers? What measures can be verified by the customer?
One of the most difficult things for e-commerce websites is to create trust among their customers. Because customers worry about losing their personal information and financial details (e.g. credit card details), an important factor in building trust, with both customers and partners, is the assurance that the e-commerce operation meets the demanding security standards required of organizations handling sensitive financial information. Ince (2004) suggests a series of requirements for secure e-commerce:
i) Authentication
This means that customers are able to ensure that they are in fact doing business with, and sending private information to, a real identity.
ii) Confidentiality
Information such as credit card and transaction details, which is stored on a system or transferred over the Internet, must not be accessed by unauthorised parties.
iii) Data integrity
Only authorised parties are able to change data, and data cannot be tampered with when it is transmitted over the Internet.
iv) Nonrepudiation
Neither the sender nor the receiver of a transaction can deny that the transaction occurred.
Digital certificates, email confirmation, and online enquiry can help customers to verify that security measures are taken in an e-commerce environment.
8. Get the latest PGP information from http://en.wikipedia.org/wiki/Pretty_Good_Privacy.
According to Wikipedia(2010), "Pretty Good Privacy (PGP) is a computer program that provides cryptographic privacy and authentication. PGP is often used for signing, encrypting and decrypting e-mails to increase the security of e-mail communications. It was created by Philip Zimmermann in 1991".
The use of digital certificates and passports are just two examples of many tools for validating legitimate users and avoiding consequences such as identity theft. What others exist?
Other tools that can be used for validating legitimate users are USB smart cards, smart cards, one-time passwords, PKI authentication, etc. These tools can be used together to create strong authentication.
References
"HTTP cookie". (2010). Viewed 12 May 2010 from http://en.wikipedia.org/wiki/HTTP_cookie
"Network- vs. Host-based Intrusion Detection: A Guide to Intrusion Detection Technology". (1998). Retrieved 08 May 2010 from http://documents.iss.net/whitepapers/nvh_ids.pdf
Ince, D. (2004). Developing distributed and e-commerce applications (2nd Ed.), Harlow, Essex, UK: Addison – Wesley
"Pretty Good Privacy". (2010). Viewed 12 May 2010 from http://en.wikipedia.org/wiki/Pretty_Good_Privacy
"RSA Algorithm". (n.d.). Viewed 12 May 2010 from http://www.di-mgt.com.au/rsa_alg.html
Stallings, W. (2002). Introduction to Secure Electronic Transaction (SET). Viewed 12 May 2010 from http://www.informit.com/articles/article.aspx?p=26857
"Understanding and Using Firewalls". (2004). Viewed 08 May 2010 from http://www.bleepingcomputer.com/tutorials/tutorial60.html
Webopedia. (2010). "All about Phishing". Viewed 09 May 2010 from http://www.webopedia.com/DidYouKnow/Internet/2005/phishing.asp
Wang, M. (2003). Assessment of E-Service Quality via E-Satisfaction in E-commerce Globalization. Retrieved 09 May 2010 from http://www.ejisdc.org/ojs2/index.php/ejisdc/article/viewFile/68/68
Zirkle, L. (2008). Intrusion Detection FAQ: What is host-based intrusion detection?. Viewed 05 May 2010 from http://www.sans.org/security-resources/idfaq/host_based.php