Sunday, April 22, 2012

Day Thirty Eight: Poster Session and Farewell

My group was present at the School of Sciences and Mathematics Research Poster Session on Thursday. The poster turned out very well. It is not currently available on the wiki, but I will upload it there in the near future. It is currently hanging up on the second floor of JC Long. I stood in front of the poster during the poster session and answered any questions. I believe that Matt and Julie talked with one of the board of trustees members before I arrived. I spoke with another trustee member and sang my praise about the computer science department. I meant every word of it. I came to the College of Charleston with a major in biology and left it with a major in computer science. For the first few years, I was not sure what I was doing or where I belonged. I was lucky enough to take an intro computer science class my sophomore year, and I instantly fell in love. I still need to make it through finals, but the end is in sight. Wish me luck.

TripleJ is scheduled to meet on Thursday and Sunday to prepare for our final presentation. I would update this post with a description of our efforts, but this blog is due in the form of a pdf file by tomorrow morning.

I enjoyed this class, and I will miss everyone in the department very much. Hopefully, we can find ways to communicate after graduation and keep in touch.

Day Thirty Seven: Final Words on RMH Homebase

I finished the exercises from chapters 7 and 8 in the Software Development textbook and updated the earlier posts to reflect my work. Overall, I was very successful; however, I need a lot more practice with MySQL and databases in general. My work with chapter 7 did not unit test correctly. This is likely because my understanding of both PHP and MySQL is very limited. I am more comfortable with PHP now that I took a couple of online tutorials. A lot of students in my class have somewhat of an advantage because they took Database Concepts as one of their electives. I regret not taking that class as an elective, but it is too late now.

VirtualBox is an amazing piece of software, but it has given me a lot of difficulty over the course of this semester. I have learned to clone my virtual machines whenever I reach a critical point. For instance, after my second failure during RMH Homebase work, I finally took a hint and set up a clone with a fresh install of Eclipse and RMH Homebase 1.5 and 2.0. If anything ever goes wrong, I can just use the clone instead of reinstalling everything and wasting hours of my time. 

The blogs have been the most useful resource to me in terms of homework and our group project. When I could not get LAMP successfully installed, I found Scott's blog and figured it out. When my group could not compile XBMC from source, we looked at each other's blog posts and determined the problem. I didn't even know what SimpleTest was before I looked at David's post. The book had helpful examples, but I had better luck getting the information from other students in many cases. I may fall behind at times and forget to update my blog, but it is an invaluable asset to myself and others.

Day Thirty Six: A Final Update on Group Work

The poster is printed, and the wiki edits are basically finished. Team TripleJ's project timeline has changed a lot over the semester, but we have met the deadlines that we set for ourselves over a month ago. Every team has been keeping a private wiki over the course of the semester. This approach has worked so far because everyone in the class can edit their own wiki and view other teams' wikis for reference; however, it is not possible for us to make these wikis public for future reference outside of class. I took the simplest approach to this problem and created an exact replica of our class wiki here. It is public, but only our group members have write privileges.

Anything that I could possibly say in terms of our group's progress is already available on the wiki. I will post everything here to help readers avoid the hassle of opening yet another webpage. Feel free to visit the wiki for more information.



Progress Reports in Reference to Project Calendar


Our group's calendar was created and maintained via Google Calendar. This is a fantastic way to make it easily available and well organized, but it doesn't lend itself very well to milestone updates or textual descriptions. Our milestones will be posted here, along with any other relevant information.



Milestone 1 - Ubuntu Installation and Compilation README Fix

Bug #12641: We added new and correct instructions to compile XBMC based on our experience compiling it. Most of our additions to the README were adding the proper commands for activating the PPAs and dependencies (which were originally not present at all in the README). We also fixed and updated a broken link.

We submitted a patch and began dialogue with the developers. Feedback was largely positive, but they were concerned about the presence of a third-party PPA. We removed the third party PPA, which was for the stable version of XBMC, and submitted a new patch. Our second patch also had the spacing and indentations updated to be consistent with the rest of the README file.


Milestone 2 - Xbox Controller Config

Bug #12653: This bug concerns a problem with connecting an Xbox 360 controller to the computer before XBMC is running. When one connects the controller, disconnects the controller, and then lets XBMC go inactive for 4 minutes, the XBMC will crash when you activate it again. We were able to replicate the bug. (from our Contributions page).


This bug was replicated in the Eden: Beta 2 successfully. However, the actual bug report went back and forth over the break, and in that time, Release Candidate 2 was released. After compiling the new release, we tested the bug once again, and it seemed as though the bug had been fixed. Upon further investigation, an important step in reproducing the bug had been left out and forgotten. The controller must be turned on before starting XBMC. After correcting this mistake, we were able to replicate this bug in RC 2 as well.


The forums are undergoing a major upgrade, and the process seems to be taxing XBMC's resources as a whole because even the bug tracker page is slow and sometimes hangs. We will continue to investigate this bug and utilize the forum's resources once they become available.

We posted detailed instructions to reproduce the bug on the comments of the bug report. The developers were able to reproduce the bug based on our instructions. This led to a lot of chatter among the developers. They are now working hard to fix the bug. We have reached out to them asking how we can help fix the bug (or any other bugs) and are awaiting a reply.


Milestone 3 - Default Audio/Subtitle Settings Bug

Bug #10489: This bug has been closed and re-opened before. Hopefully this will be the last time. For this bug, the external subtitles are not always on by default and the user cannot save the default audio setting overall. The team read the notes for Release Candidate 1 and the bug appeared to be fixed. After posting on the bug report's wall that the bug was fixed in Release Candidate 1, the developers closed the bug report and gave it the status of fixed.

Update on Xbox controller bug: The developers were able to fix the bug in time for Eden's official release after our help. The bug is now closed and the fix is included with the latest available download of XBMC.



Milestone 4 - Wiki/Documentation Edits

The list below contains links, as well as short descriptions of changes made/updated to reflect the final Eden release. This way we can document and review our contributions.

Team Member usernames:
David Schirduan - Mercyshipdude
Jason Leonard - jleonardw9
Julie Norris - babyturtle05
James Joy - jamesjoy
Matthew Vaveris - JohnSN7


Edits Made to Pages

Controls
Link- Fixed an old link that pointed to SVN repository. It now points to the Git cpp code. (James)

How-To install XBMC Ubuntu
Link - Added descriptions and differences of the different installation methods. (David)

How to submit a patch
Link - Updated this page to reflect the switch-over to the new Git repository (Jason)

How to compile XBMC for Linux
Link - Corrected for Git repository and fixed some spelling errors (Jason)

Cue Sheets
Link - Corrected for spelling and grammar (Julie)

Built In Scripting
Link - Corrected for spelling, grammar, and function names (Julie)

ShutdownMenu
Link - Updated screenshots, menu options and explanations (David)

Language support
Link - Corrected for spelling and grammar (Julie)

HOWTO: Enable weather info display for the home screen via skinning
Link - Corrected for spelling and grammar (Julie)

Add-on: IMDb
Link - Updated page layout (Julie)

Future Edits to Pages

Troubleshooting Tactics
Link - Expand this page to include a variety of troubleshooting techniques for the XBMC (Matthew)

Controls
Link- Double check to see if the listed "available controls" are accurate (James)

Sunday, April 15, 2012

Day Thirty Five: Password Recovery in RMH Homebase

The assignment for this class is exercise 8.1 in the Software Development textbook.

Exercise 8.1.A:
You should never assume that a user will change his or her default password. For security purposes, you write code that asks users to change their passwords when they login for the first time. There should also be a conditional that checks to see if the new password is a valid password (can't be the same as the default password).

Exercise 8.1.B:
The simplest solution is to have a question, or a set of questions, that the users answer when they login for the first time. For example, a question could be "What is your mother's maiden name?" If a user forgets his or her password, he should be prompted with the question and should only be allowed to change his or her password if he or she answers the question correctly. This is not the most secure way, but it is easier than validating an email account or calling a phone number to verify the changes.

Exercise 8.1.C:
I looked around to get some ideas on how to start implementing my idea and found Jennifer's blog post. I don't want to copy/paste code or steal anyone else's ideas, but some of her code fits my needs perfectly.

First, add a password_answer variable to Person.php. We don't really need a setter, but I went ahead and added a setter and a getter.

private $password_answer; //answer to the password reset question
...

function get_password_answer(){
return $this->password_answer;
}
...

function set_password_answer($pwa){
$this->password_answer = md5($pwa);
}

Next, add a new function to dbPersons.php (be sure to add a password_answer field to the query in the setup function and add a null value to the end of the admin constructor):


function change_password_answer($id,$answer){
connect();
// escape both values before they are placed in the query string
$query = 'UPDATE dbPersons SET password_answer = "'.mysql_real_escape_string($answer).'" WHERE id = "'.mysql_real_escape_string($id).'"';
$result = mysql_query($query);
mysql_close();
return $result;
}


Next, make the changes to login_form.php:

if($person['password']==$person['first_name'] . $person['phone1']){
echo('<table><form method="post">
<tr><td>Please reset your password.</td></tr>
<tr><td>New Password: </td><td><input type="password" name="newpass"></td></tr>
<tr><td>Confirm New Password: </td><td><input type="password" name="newpassconf"></td></tr>
<tr><td>Please provide the following for future password recovery:</td></tr>
<tr><td>Mothers maiden name: </td><td><input type="password" name="maidenname"></td></tr>
<tr><td>Confirm answer: </td><td><input type="password" name="maidennameconf"></td></tr>
<tr><td colspan="2" align="center"><input type="submit" name="SetPassword" value="SetPassword"></td></tr></form></table>');
$db_new_pass = md5($_POST['newpass']);
$db_new_pass_conf = md5($_POST['newpassconf']);
// both submitted recovery answers must match
if($_POST['maidenname'] == $_POST['maidennameconf']){
if($db_new_pass == $db_new_pass_conf){
change_password($db_id, $db_new_pass);
$db_pass_answer = md5($_POST['maidenname']);
change_password_answer($db_id, $db_pass_answer);
}
else {
echo('<div><p>Error: Passwords do not match. Please try again.</p></div>    ');
}
}
else {
echo('<div><p>Error: The answers do not match. Please try again.</p></div>    ');
}
}
$_SESSION['logged_in']=1;
$type_array = explode(",",$person['type']);
if (in_array('applicant', $type_array))
$_SESSION['access_level'] = 0;
else if (in_array('manager', $type_array))
$_SESSION['access_level'] = 2;
else $_SESSION['access_level'] = 1;
$_SESSION['f_name']=$person['first_name'];
$_SESSION['l_name']=$person['last_name'];
$_SESSION['_id']=$_POST['user'];
echo "<script type=\"text/javascript\">window.location = \"index.php\";</script>";
}
else {
echo('<div align="left"><p class="error">Error: invalid username/password<br />if you cannot remember your password, ask a house manager to reset it for you.</p><p>Access to RMH Homebase requires a Username and a Password. <p>For guest access, enter Username <strong>guest</strong> and no Password.</p>');
echo('<p>If you are a volunteer, your Username is your first name followed by your phone number with no spaces. ' . 'For instance, if your first name were John and your phone number were (207)-123-4567, ' . 'then your Username would be <strong>John2071234567</strong>.  ');
echo('If you do not remember your password, please enter your mothers maiden name:');
    echo('<table><form method="post"><input type="password" name="passanswer"></table>');
echo('<p><table><form method="post"><input type="hidden" name="_submit_check" value="true"><tr><td>Username:</td><td><input type="text" name="user" tabindex="1"></td></tr><tr><td>Password:</td><td><input type="password" name="pass" tabindex="2"></td></tr><tr><td colspan="2" align="center"><input type="submit" name="Login" value="Login"></td></tr></table>');
$input_answer=md5($_POST['passanswer']);
if ($person['password_answer']==$input_answer){
echo('<table><form method="post">
<tr><td>Please reset your password.</td></tr>
<tr><td>New Password: </td><td><input type="password" name="newpass"></td></tr>
<tr><td>Confirm New Password: </td><td><input type="password" name="newpassconf"></td></tr>
<tr><td colspan="2" align="center"><input type="submit" name="SetPassword" value="SetPassword"></td></tr></form></table>');
$db_new_pass = md5($_POST['newpass']);
$db_new_pass_conf = md5($_POST['newpassconf']);
if($db_new_pass == $db_new_pass_conf){
change_password($db_id, $db_new_pass);
}
else {
echo('<div><p>Error: Passwords do not match. Please try again.</p></div>    ');
}
}
else {
return 'The answer does not match the one we have on file.';
}
...

The new function works when I unit tested it, but the actual logic still needs to be tested. I have a sandbox setup. I will copy my work from my workspace into my sandbox and give it a try later.
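
A hardened take on the same first-login reset and answer-based recovery, added here as an example (it is not RMH Homebase code and not the code from the post above). It uses PDO prepared statements in place of concatenated queries and salted password_hash()/password_verify() in place of md5(). The dbPersons column names follow the post; the function names, the in-memory SQLite database and all sample values are constructed for illustration.

```php
<?php
// Added example: table and column names follow the post; everything else
// (function names, SQLite in-memory database, sample values) is constructed.

function normalize_answer(string $a): string {
    // "O'Neil", " o'neil " and "O'NEIL" should verify as the same answer
    return strtolower(preg_replace('/\s+/', ' ', trim($a)));
}

// Exercise 8.1.A/B: force a new password and collect a recovery answer.
// Returns null on success or an error message.
function first_login_reset(PDO $db, string $id, string $default,
                           string $pass, string $passConf,
                           string $answer, string $answerConf): ?string {
    if ($pass !== $passConf) return 'Passwords do not match.';
    if ($pass === $default)  return 'New password must differ from the default.';
    $norm = normalize_answer($answer);
    if ($norm === '' || $norm !== normalize_answer($answerConf)) {
        return 'The answers do not match.';
    }
    // password_hash() salts every value, so two users with the same
    // answer do not end up with the same stored hash
    $stmt = $db->prepare(
        'UPDATE dbPersons SET password = ?, password_answer = ? WHERE id = ?');
    $stmt->execute([password_hash($pass, PASSWORD_DEFAULT),
                    password_hash($norm, PASSWORD_DEFAULT),
                    $id]);
    return $stmt->rowCount() === 1 ? null : 'Unknown user.';
}

// Exercise 8.1.C: allow a reset only when the stored answer verifies.
function recover_password(PDO $db, string $id, string $answer,
                          string $pass, string $passConf): ?string {
    $stmt = $db->prepare('SELECT password_answer FROM dbPersons WHERE id = ?');
    $stmt->execute([$id]);
    $stored = $stmt->fetchColumn();   // false: no such row, null: no answer set
    // one message for unknown user, unset answer and wrong answer
    if (!is_string($stored) || $stored === ''
        || !password_verify(normalize_answer($answer), $stored)) {
        return 'Recovery failed.';
    }
    if ($pass !== $passConf) return 'Passwords do not match.';
    $upd = $db->prepare('UPDATE dbPersons SET password = ? WHERE id = ?');
    $upd->execute([password_hash($pass, PASSWORD_DEFAULT), $id]);
    return null;
}

// --- constructed demo data ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE dbPersons (id TEXT PRIMARY KEY, first_name TEXT,
           phone1 TEXT, password TEXT, password_answer TEXT)');
$id      = 'John2071234567';
$default = 'John' . '2071234567';     // first_name . phone1, as in the post
$db->prepare('INSERT INTO dbPersons VALUES (?, ?, ?, ?, NULL)')
   ->execute([$id, 'John', '2071234567',
              password_hash($default, PASSWORD_DEFAULT)]);

// recovery before any answer has been stored
var_dump(recover_password($db, $id, '', 'new pass 1', 'new pass 1'));
// first login: new password equal to the default
var_dump(first_login_reset($db, $id, $default, $default, $default,
                           "O'Neil", "O'Neil"));
// first login: valid password; the answer contains a quote, which the
// bound parameter stores without any escaping step
var_dump(first_login_reset($db, $id, $default, 'correct horse',
                           'correct horse', "O'Neil", " o'neil "));
// recovery with a wrong answer, then with the right one in another case
var_dump(recover_password($db, $id, 'Smith', 'new pass 1', 'new pass 1'));
var_dump(recover_password($db, $id, "O'NEIL", 'new pass 1', 'new pass 1'));
```

Hashing only protects the stored answer if the table leaks; a maiden name can still be guessed or looked up, so the number of recovery attempts per account should be limited as well.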



Day Thirty Four: Chapter 8 in Software Development

8.1 Design Principles and Practice
What makes a good user interface?

  1. Completeness
  2. Language
  3. Simplicity
  4. Navigability
  5. Feedback and recovery
  6. Data integrity
  7. Client-server integrity
  8. Security
  9. Documentation
8.1.1 The Model-View-Controller Pattern
Separates user interface into three distinct conceptual components:
  • The application's body (the model)
    • Contains the session-specific representation of the data (state) of the system during user-system interactions: active variables and database tables
  • The user interface presentation (the view)
    • Typically a collection of user interface forms, including graphics, text, and various widgets that enable information to be easily transmitted by the controller between the user and the model: HTML and PHP
  • The user input/output and navigational functionality (the controller)
    • Receives user input via the view and initiates a response by making transformations on the data in the underlying model
    • Maintains SESSION, GET, and POST information; verifies user input; and updates other appropriate model elements.
8.1.2 Sessions, Query Strings, and Global Variables
Each individual user who logs in to the system initiates a unique session

8.1.3 Ensuring Security at the User Interface

8.1.3.1 Enforcing Levels of User Access
A user only has access to the functions and data to which he/she is entitled 

8.1.3.2 Password Encryption
Store password data in an encrypted form (md5) to ensure that it is safe if the database is accessed outside the application

8.1.3.3 SQL Injection Attacks
Prevent this exploit by filtering user input

8.1.3.4 Cross-Site Scripting Attacks
Filter external sources

8.2 Working with Code
Explained through examples. Reading the sections helps more than an outline

8.3 Adding New Features: User Interface Impact
This section is important for exercise 8.1.

Monday, April 9, 2012

Day Thirty Three: The End is in Sight

Our group met on Easter Sunday to work on our poster. I looked through some of the example posters for ideas, and my favorite design is this one. The text in the center really jumps out and demands attention. The pictures around the edge can be screenshots or other relevant visual information. The rest of the group really likes this example poster as well.

We are focusing on our experiences in the middle of a release cycle. When we joined XBMC's community for this project, Eden Beta 1 had just been released. Bug reports from Dharma were rapidly triaged by the community and the remaining, high-priority bugs were fixed by the developers. Following the github page and seeing all of the pull requests and all of the changes that were made is rather fascinating. Other groups are experiencing the push to a new release, but Eden is out right now. The major bugs have already been fixed, but there is demand for documentation as a result. The wiki page even has a plea for help. We will mention this shift in focus in our presentation.

The poster is still a little rough, but our abstract is finished. We will submit the application email tomorrow during class and continue working on the poster if there is time. I still need to recompile Dharma in order to get screenshots as a reference for our poster. It is funny that I am updating screenshots on XBMC's wiki for Eden, and yet I need Dharma screenshots for our project.

I came across the printing request sheet that must be filled out and noticed a place for the faculty advisor's signature. Is this Dr. Bowring? Also, it mentions a charge for Non-SSM departments, but I am not sure what that means. These are some of the questions that I need to ask in class tomorrow.

Day Thirty Two: Implementing Changes in RMH Homebase

I am a little upset at the moment; my 10.4 VirtualBox install of Ubuntu is bugging out on me. I had implemented the get functions in 7.2 and was in the process of getting SimpleTest to work in Eclipse, but the GUI isn't even working. I still need to go back and perform unit tests on the other exercises, so I might just start from a fresh install of 11.10. I will update this post once I go through the entire process again.

Update:
I restarted the assignment and got it working. Here are my answers.

Exercise 7.1:

Person.php violates criterion 5 because it adds a new Person with null values. It is just the default admin account, but it still exists.

Person.php also violates criterion 6 because the first name and the first phone number are redundant with the primary key.

Exercise 7.2:
Here are all of the shift getters:


 function get_shift_month($id){
  return substr($id,0,2);
 }
 function get_shift_day($id){
  return substr($id,3,2);
 }
 function get_shift_year($id){
  return substr($id,6,2);
 }
 function get_shift_start($id){
  if (substr($id, 11, 1) == "-")
    return substr($id,9,2);
  else return substr($id,9,1);
 }
 function get_shift_end($id){
  if (substr($id,11,1)=="-")
    return substr($id,12,2);
  else return substr($id,11,2);
 }

Here are the unit tests that I added:


$this->assertTrue(get_shift_month($s2->get_id()) == "02");
$this->assertTrue(get_shift_day($s2->get_id()) == "25");
$this->assertTrue(get_shift_year($s2->get_id()) == "08");
$this->assertTrue(get_shift_start($s2->get_id()) == "15");
$this->assertTrue(get_shift_end($s2->get_id()) == "18");


Success! No errors or failures (aside from the failure that was present in the original source code)


Exercise 7.3:
First, I made changes to dbInstall.php so I wouldn't forget to add it later:


...

include_once('dbPersons.php');
include_once('dbMonths.php');


// connect
$connected=connect();
  if (!$connected) echo("not connected...<br />");
  echo("connected...<br />");
   echo("database selected...<br />");


// setup all of the tables
   setup_dbWeeks();
   echo("dbWeeks added...<br />");
   //MONTHS
   setup_dbMonths();
   echo("dbMonths added...<br />");
   //SCHEDULE
...

Then, I made my dbMonths.php file.


<?php
include_once('Month.php');
include_once('dbDates.php');


function setup_dbMonths() {
connect();
mysql_query("DROP TABLE IF EXISTS dbMonths");
$result=mysql_query("CREATE TABLE dbMonths (id CHAR(8) NOT NULL, dates TEXT, name VARCHAR(14), weekday_start VARCHAR(9), days TEXT, timestamp DATETIME, PRIMARY KEY (id))");
if(!$result)
echo mysql_error();
mysql_close();
}


/**
 * Inserts a month into the db
 * @param $m the month to insert
 */
function insert_dbMonths($m) {
if (! $m instanceof Month) {
die ("Invalid argument for dbMonths->add_month function call");
}
connect();
$query = "SELECT * FROM dbMonths WHERE id =\"".$m->get_id()."\"";
$result = mysql_query ($query);
if(mysql_num_rows($result)!=0) {
// a row for this month already exists: remove it before re-inserting
delete_dbMonths($m);
connect();
}
// values follow the column order of CREATE TABLE:
// id, dates, name, weekday_start, days, timestamp
$query="INSERT INTO dbMonths VALUES
(\"".$m->get_id()."\",".get_dates_text($m->get_dates()).",\"".
$m->get_name()."\",\"".
$m->get_weekday_start()."\",\"".
$m->get_days()."\",\"".
$m->get_timestamp()."\")";
$result=mysql_query($query);
mysql_close();
if (!$result) {
echo ("unable to insert into dbMonths: ".$m->get_id(). mysql_error());
return false;
}
// store each date of the month; assumes insert_dbDates() from the included dbDates.php
else foreach($m->get_dates() as $i)
insert_dbDates($i);
return true;
}
...


This file is fairly large. In order to avoid swamping this post in code, I will not post the rest.


Finally, the testdbMonths.php file:



<?php
include_once(dirname(__FILE__).'/../database/dbMonths.php');
class testdbMonths extends UnitTestCase {
  function testdbMonthsModule() {
    $m=new Month("02","08");    
    $this->assertTrue(insert_dbMonths($m));
    $m=new Month("03","08"); 
$this->assertTrue(update_dbMonths($m));
$m=get_dbMonths("03-31-08");
$this->assertTrue($m->get_name()=="March 2008");
$this->assertTrue(delete_dbMonths($m));


echo "testdbMonths complete";
  }
}
?>


No tests fail or report any errors; however, dbInstall.php does not print that dbMonths was installed correctly. 








Day Thirty One: Software Development Chapter 7

Today's assignment is to read chapter 7 in the Software Development textbook. This chapter focuses on developing the database modules of RMH Homebase and introduces several new concepts, such as database design principles and software security. As with my previous posts, I will make a brief outline of this chapter for future reference. Doing so will prepare me for the next assignment and will provide a useful tool for studying.

7.1 Design Principles and Practice

  • Database: a collection of data organized in a particular way for efficient computerized storage and retrieval
  • Persistence: data in a database persists beyond the life of the program or programs that access those data
  • Relational model: relational databases can be stored as a collection of two-dimensional tables
7.1.1 Database Creation
  • The database must first be created and initialized
7.1.2 Connecting the Program to the Database
  • mysql_connect($host, $user, $password)
    • connects the program with the database server
  • mysql_select_db($database, $connected)
  • mysql_error()
  • mysql_close()
  • mysql_query($query)
7.1.3 Tables
  • Attribute: a column of a table that has a unique name and a data type
7.1.3.1 Table Naming Conventions
  • "Use names that unify classes and instance variables with their corresponding database tables and column headings"
7.1.4 Normalization and Keys
  • Normalization: a strategy for designing tables so that they support general-purpose querying and ensure data integrity
  • Primary key: a unique identifier
7.1.5 Backup and Recovery
  • modern DBMS systems can just use an "export" command
7.2 Working with a Database

Three important types of actions
  1. The table must first be created
  2. Individual rows of the table can then be retrieved, added, deleted, or changed (updated)
  3. The table can be removed from the database, or dropped, in which case all its data are also lost
The rest of this section is primarily example commands 

7.3 Database Security and Integrity

A secure database accomplishes all of the following goals:
  • It prevents unauthorized or accidental disclosure, alteration, or destruction of data.
  • It prevents unauthorized or accidental access to data considered confidential to the organization or individual who owns the data.
  • It ensures data integrity, so that the data stored in the database are always valid and accurate.
7.3.1 Database-Level Permissions

Four levels of access
  1. Server level: privileges that apply to all databases on the server
  2. Database level: privileges that apply to all tables in a particular database on the server
  3. Table level: privileges that apply to all columns of a particular table in the database
  4. Column level: privileges that apply to an individual column of a table in the database
7.3.2 User-Level Permissions

7.3.3 Controlling Concurrency

MySQL uses table locking to ensure database integrity when several users (sessions) are accessing the database at the same time.

7.4 Adding New Software Features: Database Impact


Day Thirty: Day 2 of POSSCON

Keynote:
Scott McNealy gave a lot of important information regarding open source's advantages over proprietary software. Open source software (OSS) is safer than proprietary code: "What if the Trojan horse was made of glass?" is the question he asked. OSS code is higher quality because engineers know that their code will be visible to everyone. OSS has zero barrier to entry and zero barrier to exit: the barrier to exit in proprietary software is generally ten times the barrier to entry. This is known as vendor lock-in.

Big Picture: Open Security:
This presentation frightened me a little because it revealed a process that I had not considered. Many process control systems are based on old software. As this old software is integrated with the rest of the system and connected to the Internet, the system becomes open to many potential threats. I trust that the government and the private sector will adequately test these systems and fix any vulnerabilities, but no software is perfect.

Education: Open Source in Art:
Carl Twarog talked about the Sonic Plaza and its importance to East Carolina University. The Sonic Plaza itself looks pretty amazing, but I was more impressed by Mr. Twarog's approach to research and development. He mentioned that it is important to include artists in the R & D process because they bring advantages, such as free association, originality, and progress/progression, to the table. I agree with this argument because I have found myself stuck in a programmer's mindset when a different mindset offered a better solution.

BOF: Linux:
The conversation focused on licenses and patents. Mr. Hall did not suggest that people use any particular type of license but urged businesses to have a plan before making any such decisions. His argument against over-patenting primarily focused on the pianoforte and the harpsichord. When the pianoforte (piano for short) was invented, there was no music written for it and no customer demand. The inventor's solution to this problem was to make the blueprints available to manufacturers. This open approach made the piano popular, but some patents on modern pianos force manufacturers to make strange design decisions in order to avoid legal issues.


This is where it gets crazy. I missed the keynote speech and the next presentation after the BOF because I talked with Mr. Hall for about two hours. I did more listening than talking, but I learned a lot about patents, IPv6, and standards (ogg vs. mpeg-4).


Big Picture: Making an Existing Software Project Open Source: How and Why with AOL as a Case Study:
I did not realize that so many big companies had dedicated OSS branches. AOL was the company used in this case study, but other proprietary companies, such as Microsoft, have similar programs. A lot of work goes into adapting proprietary software for the open source world; however, the advantages of open sourcing software can far outweigh the costs in some circumstances.

We all left early at this point

Day Twenty Nine: A Recap of POSSCON

POSSCON is over, and now it's back to work. I posted my schedule and mentioned the three people with whom I wanted to speak, but there were some slight changes. I will post an overview of the first day and post an overview of the second day later.

Day 1

Keynote: Open Source - Now and in the Future:
Larry Augustin talked about the three major groups involved with pushing open source forward: management, technologists, and educators. He also mentioned that mobile, social, and cloud are the three key words in the industry at the moment. Augustin is a proponent of open source, but he was not afraid to admit that the best solution might end up being proprietary software, depending on the circumstances.

Education: Here We Come, Ready or Not: Undergraduate Software Engineering Practicum in Open Source:
I was very pleased with Dr. Bowring's presentation. I contemplated going to a different event because I did not want to waste time hearing about something that I already knew; however, the summary of CSCI 362 and 462 helped bring it all together for me.

Demo: Benefitfocus Technology:
Don Taylor spoke at an ACM meeting at CofC before, but I wanted to learn more about their platform-as-a-service (PaaS) model. Their use of metadata driven architecture to minimize the footprint is a really interesting concept. Some of the design is still a little over my head, but it is easier to comprehend the second time around.

BOF Session - Securing Cyberspace with Open Source Software:
Several of my classmates were present with me during this lunch/discussion. I honestly felt a little out of place because everyone else, aside from my classmates, was very familiar with security and relevant open source software. The speakers kept us engaged in the conversation by asking our opinions on certain matters. These security specialists rarely get a chance to know how "young people" think, and our input had some value in this regard.

Keynote: Big Data, Hadoop and Open Source:
I have heard the term "Big Data" used before, but until Dr. Brodsky gave his keynote speech, I was not very sure what the term meant. I took a Data Mining class, so many of the ideas were not unfamiliar. The main point that I took out of this presentation is that unstructured data is measured by volume, variety, and velocity.

Education: Google Summer of Code and Google Code-In:
Google's Summer of Code program sounds like a great opportunity to get involved in the open source community and make some money in the process. I spoke with Carol Smith after her presentation and asked her if there are any other opportunities for non-students. I am still eligible for Summer of Code, but I will likely be working during that time. She offered to pass my resume along if I saw any interesting jobs on Google's job page.

Technical: Introducing C++11:
This presentation was definitely a little over my head; however, I did learn about some cool new features in C++11. There are new core language features, such as concurrency, move semantics, auto, lambdas, and a range-based for loop. There are new library features, such as containers, regular expressions, and smart pointers.

Big Picture: Changing the Face of Open Identity in Ecommerce:
I really enjoyed this talk. Jonathan LeBlanc suggested that people get rid of the annoying registration forms and use other available profile systems instead. Here are some statistics that he mentioned: "23% of customers abandon carts when asked to register" and "45% left a site when they couldn't remember their password." I spoke with Mr. LeBlanc afterwards and asked him how to avoid irrelevant information. The example I gave was this: A friend wants a new laptop but does not know much about hardware; he asks you to look for possible laptops within his price range online; the website assumes that you are interested in laptops. Mr. LeBlanc admitted that this kind of situation can be a problem, but measurements taken over long periods of time can address this issue and help make an accurate personality profile. Just like people, these profiles must be able to adapt to an individual's changing needs and interests.

Tuesday, March 27, 2012

Day Twenty Eight: Preparation for POSSCON

I will be attending POSSCON with the rest of my classmates on March 28 and 29. In preparation for this event, I have developed a schedule for the events that I will attend. This is necessary because some time slots have multiple presentations.

March 28
9:00 - 9:15        Welcome
9:15 - 9:50         Keynote: Open Source - Now and in the Future
10:00 - 10:45     Demo: Open Sourcing: From Within Your Company, For Your Company
11:00 - 11:45     Education: Working Laterally: Restructuring K-12 Education Based on Open...
12:00 - 1:00       Lunch
1:00 - 1:45         Keynote: Big Data, Hadoop and Open Source
2:00 - 2:45         Big Picture: Open Source: Licenses & Communities
3:00 - 3:45         Demo: How GitHub Uses GitHub to Build GitHub
4:00 - 4:45         Big Picture: Changing the Face of Open Identity in Ecommerce
4:45 - 5:00         Wrap Up 

March 29
9:00 - 9:15         Welcome
9:15 - 10:15       Keynote
10:30 - 11:15     Education: Some People Hate Fun: Protecting 3D Printing and Open Hardware...
11:30 - 12:15     Education: Open Source in Art
12:15 - 1:30       Lunch
1:30 - 2:15         Keynote: Let's Talk About Cloud - The State of the Industry, OpenStack and APIs
2:30 - 3:15         Big Picture: Starting a New Open Source Project: The Project Lifecycle and How...
3:30 - 4:15         *Tie between Education and Demo*
4:30 - 5:00        Big Picture: Predictions & Trends for Open Source in the Enterprise in 2012
5:00 - 5:15        Wrap Up

We are also supposed to pick three presenters to talk with during free time. Scott McNealy is an obvious choice, though he may be very busy. Dan French has an interesting position as Superintendent of Schools; it would be nice to get some insight as to how he sees public schools interacting with technology in the future. Jonathan LeBlanc also sounds like a very interesting individual. The social side of technology has always intrigued me. These are my three choices as of now, but this decision is subject to change based on presentations. If I see a presentation that particularly interests me, I might decide to spend some of my time in discussion with that speaker instead. 


Monday, March 26, 2012

Day Twenty Seven: More Work with RMH Homebase


Exercise 6.1:
This is a very simple exercise that involves adding setters and getters for employer, contact person, and contact phone variables in the Person class.
Note: This exercise does not mention implementing a "status" variable, but it is necessary for the next few exercises. I went ahead and included the variable in this exercise.

Initialize the variables:

private $employer;           // name of current employer
private $contact_person;    // name of a contact Person
private $contact_phone;    // phone of the contact Person
private $status;          // a Person may be "active" or "inactive"

Make the setters:

function set_employer ($name) {
    $this->employer = $name;
}
function set_contact_person ($name) {
    $this->contact_person = $name;
}
function set_contact_phone ($phone) {
    $this->contact_phone = $phone;
}
function set_status ($status) {
    $this->status = $status;
}

Make the getters:

function get_employer () {
    return $this->employer;
}
function get_contact_person () {
    return $this->contact_person;
}
function get_contact_phone () {
    return $this->contact_phone;
}
function get_status () {
    return $this->status;
}

Exercise 6.2:
This exercise involves updating Person's constructor to implement status, employer, contact, and contact phone. The unit test, testPerson.php, also needs to be updated.

Modify the constructor with the new variables:


/**
 * constructor for all persons
 */
function __construct ($f, $l, $a, $c, $s, $z, $p1, $p2, $e, $t,
    $bg, $in, $sh, $con, $whe, $exp, $mot, $spe,
    $av, $sch, $hist, $bd, $sd, $pubn, $myn, $privn, $pass,
    $status, $employer, $contact, $contact_phone) {
        $this->status = $status;
        $this->employer = $employer;
        $this->contact_person = $contact;    // the parameter is $contact
        $this->contact_phone = $contact_phone;
        // ...
}


Include the variables in the unit test:



//I need to make an object to test. This is just dummy data.
 $myPerson = new Person("Taylor","Talmage","928 SU","Brunswick","ME",04011,
 2074415902,2072654046,"ttalmage@bowdoin.edu","applicant,volunteer,sub","no","no","no","", "", "", "", "", "Mon9-12, Tue9-12, Wed12-3", "", "", "02-19-89", "03-14-08","this is one of my notes","this is a cool note","this is another note","Taylor2074415902", "active", "McDonalds", "Ronald McDonald", 8034563452);



Test getters and setters:


$this->assertTrue($myPerson->get_employer() == "McDonalds");
$myPerson->set_employer("Burger King");
$this->assertTrue($myPerson->get_employer() == "Burger King");


$this->assertTrue($myPerson->get_contact_person() == "Ronald McDonald");
$myPerson ->set_contact_person("The King");
$this->assertTrue($myPerson->get_contact_person() == "The King");

$this->assertTrue($myPerson->get_contact_phone() == 8034563452);
$myPerson->set_contact_phone(8035467654);
$this->assertTrue($myPerson->get_contact_phone() ==  8035467654); 


$this->assertTrue($myPerson->get_status() == "active");
$myPerson->set_status("inactive");
$this->assertTrue($myPerson->get_status() == "inactive");



Exercise 6.3:
This exercise asks how set_status could be implemented in order to error check the values provided to the method. Since a valid value for status can only be "active" or "inactive", it would be easy to set up a Boolean expression for error checking.

function set_status ($value) {
    if ($value == "inactive" or $value == "active") {
        $this->status = $value;
    }
    else {
        echo ('"active" or "inactive" are the only valid inputs for status');
    }
}
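
The check above compares with PHP's loose `==`, which converts types before comparing. The following added example (not part of the original exercise or of RMH Homebase) runs that check and a strict allow-list over the same inputs; the function names, the `PersonStatus` class and the sample values are constructed for illustration.

```php
<?php
// Added example: loose vs. strict validation of a Person's status.
// All names and sample inputs below are constructed for illustration.

// The check as written in the exercise: loose comparison with ==.
function loose_status_ok($value) {
    return ($value == "inactive" or $value == "active");
}

// Strict allow-list: the value must be a string and match exactly.
function strict_status_ok($value) {
    $valid = array("active", "inactive");
    return is_string($value) && in_array($value, $valid, true);
}

// Setter that rejects bad input with an exception instead of echoing,
// so a caller cannot carry on unaware that the status was not changed.
class PersonStatus {
    private $status = "active";

    function set_status($value) {
        if (!strict_status_ok($value)) {
            throw new InvalidArgumentException(
                'status must be "active" or "inactive"');
        }
        $this->status = $value;
    }

    function get_status() {
        return $this->status;
    }
}

// Constructed inputs: two valid strings, then values that are not valid
// statuses. The boolean true passes the loose check on every PHP version
// (a non-empty string compares equal to true), and the integer 0 passes it
// on PHP versions before 8 (a non-numeric string used to compare as 0).
$samples = array("active", "inactive", true, 0, "Active", "active ", null);

foreach ($samples as $value) {
    printf("%-12s loose=%-5s strict=%s\n",
        var_export($value, true),
        var_export(loose_status_ok($value), true),
        var_export(strict_status_ok($value), true));
}

// The setter keeps the old status when the input is rejected.
$person = new PersonStatus();
try {
    $person->set_status(true);
} catch (InvalidArgumentException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}
echo "status is still ", $person->get_status(), "\n";
```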

Exercise 6.4:
This exercise involves removing mutators that are not called in any part of the code. As is stated in the book, none of the setters for the Person class are ever called because a new Person object is created every time information is changed; however, the book suggests that we leave these methods intact for reasons that will be discussed in future chapters. All of the getter methods are called at some point in the code base.

Monday, March 19, 2012

Day Twenty Two - Twenty Six: Condensed Update

The focus this week has been on our FOSS project rather than individual assignments. There is not much to say here that is not on my group's wiki page. I can briefly mention the work that I have done individually, but four separate blog posts would just be a waste of everyone's time. This post is a condensed version of what I have been working on over the past week.

Release Candidate 2 (RC2) was released on March 2 and further refines features that were added in RC1. All of the recent changes can be tracked here on XBMC's GitHub page. RC2 quickly fixed a few major bugs, such as video lag, that were present in RC1. It is clear that the developers rapidly respond to problems that are readily defined in the bug tracker and on the forums. RC1 and RC2 were released only a week apart. The first order of business during our first group meeting after spring break was to catch up and compile the latest release from source. A weekly release schedule can eat up a lot of our time: it takes over an hour to compile on my poor little netbook. Speaking of my netbook, Ubuntu 12.04 is running nicely, and all of my previous problems appear to be fixed with this latest update. The newest kernel includes a fix for the back light problems that most netbook users are having.

It is crazy to think about how much XBMC has changed since we first started working on this project. When I first mentioned XBMC to my group earlier this semester, I was using Dharma on my desktop. Now, we are three beta releases and two release candidates into Eden. The pace is pretty hectic, and any contributions in this project are welcome to take some of the stress off of the developers. Matt and I replied to the Xbox 360 controller bug report, and offered to help fix the problem now that it has been discovered by the developers. CrystalP asked for us to test the changes and submitted a pull request (PR) on GitHub. Git has a high learning curve. My experience with SVN last semester was pretty straightforward, but Matt and I had some trouble figuring out how to actually implement a PR in Git. There are a couple of Stack Overflow questions and various blogs that suggest possible solutions, but there are so many conflicting answers. Cherry-pick seems to be the best command to pull in a patch from a single commit. The process is very convoluted, and, unfortunately for our group's contribution (fortunately for the entire XBMC community), CrystalP went ahead and implemented the PR. At least we contributed to the conversation and gave the bug the push it needed to be fixed for Eden.

Jason's bug was also fixed by a developer while he was looking through the code for possible solutions. I let David borrow my netbook to test more LIRC bug reports, but these reports seem to be very hardware specific. He has not had much luck replicating bugs that deal with LIRC. It is difficult to keep up with such a fast-paced community with everything else that is going on this semester. We have decided to continue working on any bugs that come our way, but we need to refocus some of our effort to areas where we can contribute more. In our next meeting, we will come up with a schedule for our poster and find a couple of important pages on XBMC's wiki that need to be updated. Much of their wiki was designed for Dharma, and they desperately need some updates in order to be ready for Eden's release. From now on, I will focus my blog posts that are not dedicated to individual assignments on possible bug fixes to discuss with my group or specific pages on the wiki that need to be updated. I hope this condensed post is more informative than three or four scattered posts.

Tuesday, February 28, 2012

Day Twenty One: Reflection and Review

Our current assignment is to read two articles from opensource.com and blog our response to these articles.

Sebastian Dziallas' article, How to Teach Undergrads How to Become Open Source Contributors Without Writing Any Code, caught my attention because it involves a different approach to teaching open source. As a computer science major, it makes sense to include coding as part of the core open source experience in a software engineering class; however, not all contributors to open source projects are programmers. Chapter 8 in Teaching Open Source describes the importance of documentation and technical writing. There are many opportunities to contribute to these vibrant open source communities outside of the realm of coding, but it seems as though very few classes offer a glimpse into this alternate perspective.

Dziallas' Release Engineering course started as somewhat of an experiment, and it developed into a highly educational experience. From his descriptions, projects went better than expected, and students were given the chance to see Tom Callaway, the Fedora Engineering Manager, talk in person about some of the same issues that Dziallas mentioned in class. I would like to see more opportunities for people to branch out and explore the world of open source. Dziallas mentions that he has been working with Fedora since he was 16. I am only beginning my adventure at the age of 21, but I am glad to have this opportunity.


Another article that sparked my interest is Anthony Biller's A Cure for the Common Troll. I mentioned much earlier in my blog that I read tech blogs, such as Engadget and Gizmodo, on a daily basis. I have not seen as much mention of it lately, but, for a while, lawsuits concerning patent infringements dominated the headlines. Samsung and Apple battled it out constantly over what are, in my opinion, trivial matters. The authors of these posts and many of the readers pointed out that this incessant bickering is a common marketing scheme to help fill the coffers when business is slow.

The trolls that Biller mentions go above and beyond the previously mentioned form of trolling. "Patent trolls," as he calls them, hold patents to technologies and manufacturing processes that they will probably never use. Some trolls make six to seven digit figures based on abusing the patent system alone. Apple has been known to patent anything and everything that they can, but the real patent trolls have no real plans with these patents other than threatening other companies and making an absurd amount of money in the process. I am not a big legal buff and do not understand all of Biller's suggested solutions, but his first solution seems to plug a major loophole in the patent system. Without vague "umbrella" patents that cover every possible domain, patent trolls would have a much harder time abusing the system.

Day Twenty: An Update on our Group Progress

My group met at our usual time and place on Sunday to discuss our accomplishments and decide what to work on over spring break. Matt Vaveris and I decided to focus on bug #12653. This bug involves an Xbox 360 controller, and we both have access to such a controller. Julie will focus on bug #12594 because her laptop has a built-in Blu-Ray drive. David is looking into bug #12699 because the bug report itself is difficult to read. If the broken English cannot be deciphered, the report is useless and needs to be deleted. Jason was not able to attend the meeting, but he can work with David or Julie depending on the level of progress that is made respectively.

I was able to reproduce my bug on two different systems running Windows 7 with the latest updates. My laptop, running XBMC Eden Beta 2, experienced a crash exactly as the reporter described. Here are the steps to recreate:

  1. Plug in the controller and make sure that it is on (you need the appropriate drivers for Windows to recognize it).
  2. Start XBMC
  3. Unplug the controller and Alt+Tab out of XBMC
  4. Wait 3-4 minutes
  5. Bring focus back to XBMC
I tried this process again on my desktop PC, running XBMC Dharma, with a wireless Xbox 360 controller, and I experienced the same crash. I want to contribute to this bug report with my findings, but the webmaster for the XBMC forums must not be receiving my messages for some reason. The forums still mark me as a spammer, regardless of my email address (I have tried yahoo and multiple gmail accounts). Luckily, Matt has a username, so he can do the talking for us. It is surprising that a bug like this has persisted through Dharma and three beta builds.

Day Nineteen: Explaining the Code

Chapter 8 in the Teaching Open Source textbook is all about documentation. The information in this chapter is easy enough for a newcomer to understand, and it acts as a refresher for more experienced individuals.

Exercise 8.1.1: Practice Good Code Commenting
My team's first contribution to XBMC is an updated readme file with information that was simply left out and referenced in the forums. This is exactly the kind of thing that chapter 8 talks about. The information is there somewhere, but it is rarely easy to find. A well documented project simply takes all of the sources (mailing lists, IRC discussions, and wiki pages) and makes them readable and easily accessible. Open source projects are more approachable if they document this information for new and old users/developers alike.

Exercise 8.4: Plan Your Technical Document
The Nexus Mod Manager (NMM) that I mentioned in a much earlier blog post finally has some documentation in the form of a wiki page here. I still use NMM to this day for all of my Skyrim mods. Steam's workshop seems like a decent alternative, but I still feel attached to the nexus community. My plan was to add a wiki page that documents how to add non-NMM mods, but it appears that another user meatwad2021 already has this idea in mind. Under the "discussion" part of the wiki, meatwad has this to say:

"Considering the chaos that has ensued with Nebula's Skyrim HD 1.5 pack conversion from loose file style to the .bsa/.esp packaging, I've been creating a few new pages dealing with 7zip and SKSE. The next step is to teach users how to deal with files not offered with the Download with Manager option as is required for Nebula's 1.7Gb update. Sooooo, I'm going to take a crack at adding that section here to the existing page."

This update was posted on the 25th, so I might try to contact him and see if he would like some help. Even though my group chose XBMC as our FOSS project, I would still like to contribute to the Nexus community in some way.

Day Eighteen: RMH Homebase Continued

After wasting countless hours on a virtual machine running Ubuntu 10.04 and another virtual machine running Ubuntu 11.10, I finally got RMH Homebase to work on the 11.10 virtual machine. A fellow classmate of mine posted an install guide to his blog here. Although I followed very similar steps during my own installation attempts, his guide corrected whatever I was doing wrong.

The assignment for today is exercises 5.7 and 5.8 in the Software Development book.

Exercise 5.7: Debugging
As the book mentions, there are two places in RMH Homebase that display a shift's "notes" field for editing, calendar.php and calendarFam.php. Both of these modules include calendar.inc, so refactoring this "bad smell" should be as simple as adding a function to that file and replacing the old code with a function call. I added the following function to calendar.inc:


function predates($a, $b) {
    // true if $a falls in an earlier year than $b, or in the same year on an earlier day
    return ($a->get_year() < $b->get_year()
        || ($a->get_year() == $b->get_year() && $a->get_day_of_year() < $b->get_day_of_year()));
}

This function will return true if a's year is less than b's year or, in the case where both a and b are during the same year, a's day of the year is less than b's day of the year. In other words, this function returns true if a predates b. Unfortunately, the test file "testCalendar.php" is not present in my tests folder. I will have to hold off on unit testing until I can find a copy of this file or make a file of my own.

Exercise 5.8: Examining the Code
A. Sub Call Lists (SCLs) are viewed and edited through functions included in the module subCallList.php. In editShift.php, either "View Sub Call List" or "Generate Sub Call List" is displayed depending on whether the shift has an associated SCL or not. Here is the code:


if(!$shift->has_sub_call_list() || !(select_dbSCL($shift->get_id()) instanceof SCL)) {
    echo "<input type=\"hidden\" name=\"_submit_generate_scl\" value=\"1\"><br>
    <input type=\"submit\" value=\"Generate Sub Call List\" name=\"submit\" style=\"width: 250px\">";
}
else {
    echo "<input type=\"hidden\" name=\"_submit_view_scl\" value=\"1\"><br>
    <input type=\"submit\" value=\"View Sub Call List\" name=\"submit\" style=\"width: 250px\">";
}

As you can see from the if-else statement, not every shift has a sub call list.

B. Archived weeks are weeks that are set to the status "archived". The status can be set using the function set_status($s) to "unpublished," "published," or "archived." Calendar.php includes a statement that does not allow archived weeks to be edited by anyone. I cannot find any modules that call set_status($s). I only see if statements that check to see whether a week is archived in order to hide it from view.

Saturday, February 25, 2012

Day Seventeen: Group Planning

My group met at our usual time last Sunday and made a general outline of our schedule for the rest of the semester. I created and shared a Google calendar with every group member, so it is easy for any of us to edit any important events. We hope to address four additional bugs over the course of the semester and save a week or two for preparing a poster and the final presentation. A link to our schedule can be found here.

Back to RMH Homebase
I tried to get RMH Homebase running on my Ubuntu 10.04 virtual machine, but I am having difficulties with the MySQL server. Apache seems to be working fine, and PHP5 is pretty straightforward. I am not certain that MySQL is where my install fails, but it is the most likely culprit. I will walk through the steps I took to install for reference. A link to the most helpful webpage that I found is here.

Download RMHHomebase 1.5 from the sourceforge page

Install tasksel and then the LAMP stack

$ sudo apt-get install tasksel
$ sudo tasksel install lamp-server



Set MySQL root password
$ mysql -u root

At the mysql console type:
mysql> SET PASSWORD FOR 'root'@'localhost' = PASSWORD('yourpassword');
mysql> CREATE DATABASE rmh15DB;
mysql> GRANT ALL PRIVILEGES ON *.* TO 'yourusername'@'localhost' IDENTIFIED BY 'yourpassword' WITH GRANT OPTION;
mysql> \q


Install phpMyAdmin

$ sudo apt-get install phpmyadmin
$ sudo nano /etc/apache2/apache2.conf
note: add "Include /etc/phpmyadmin/apache.conf" to apache2.conf

Follow the directions in README1.5.pdf

Day Sixteen: Bad Smells

Exercises 5.1-5.3 in Software Development: An Open Source Approach involve finding and fixing various "bad smells" in the example software, RMH Homebase. As with most open source exercises, the first step is to download the source code. Install Mercurial and check out RMH Homebase's repository on sourceforge.

$ sudo apt-get install mercurial
$ hg clone http://rmhhomebase.hg.sourceforge.net:8000/hgroot/rmhhomebase/rmhhomebase

Find and fix the "Bad Smells"

Long Method: A method should do one thing and only one thing. addWeek.php violates this rule of thumb by accepting various parameters, such as publish, reset, and remove, in order to change the main function's actions.

if($_GET['publish'] && $_SESSION['access_level']>=2) {
    $id=$_GET['publish'];
    $week=get_dbWeeks($id);
    if ($week->get_status() == "unpublished")
        $week->set_status("published");
    else if ($week->get_status() == "published")
        $week->set_status("unpublished");
    update_dbWeeks($week);
    add_log_entry(''.$_SESSION['f_name'].' '.$_SESSION['l_name'].' ' . $week->get_status().' the week of get_id().'&edit=true\">'.$week->get_name().'.');
    echo "Week \"".$week->get_name()."\" " . $week->get_status() . ". Back";
}
// resets a week if the user is a manager
else if($_GET['reset'] && $_SESSION['access_level']>=2) {
    $id=$_GET['reset'];
    $week=get_dbWeeks($id);
    delete_dbWeeks($week);
    add_log_entry(''.$_SESSION['f_name'].' '.$_SESSION['l_name'].' reset the week of get_id().'&edit=true\">'.$week->get_name().'.');
    generate_populate_and_save_new_week(substr($id,0,2),substr($id,3,2),substr($id,6,2),
        $week->get_weekday_group(),$week->get_weekend_group(),
        $week->get_family_room_group());
    echo "Week \"".$week->get_name()."\" reset. Back";
}
else if ($_GET['remove'] && $_SESSION['access_level']>=2) {
    $id=$_GET['remove'];
    $week=get_dbWeeks($id);
    if ($week->get_status()=="unpublished" || $week->get_status()=="archived") {
        delete_dbWeeks($week);
        add_log_entry(''.$_SESSION['f_name'].' '.$_SESSION['l_name'].' removed the week of get_id().'&edit=true\">'.$week->get_name().'.');
        echo "Week \"".$week->get_name()."\" removed. Back";
    }
    else
        echo "Week \"".$week->get_name()."\" is published, so it cannot be removed. Back";
}



This code tries to do three different actions in one function. The easiest fix is to separate these actions into their own functions. The goal is to have high cohesion.
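
One way to carry out that separation, as an added example that is not RMH Homebase's code: each action becomes its own function, and a single dispatcher checks the access level once and picks the action from an allow-list. The `Week` class, the in-memory week store, `handle_week_action()` and the sample weeks are constructed for illustration, the database functions are stand-ins, and logging is left out.

```php
<?php
// Added example: addWeek.php's publish, reset and remove actions, one
// function each. Week, the in-memory store and handle_week_action() are
// constructed here; get_dbWeeks(), update_dbWeeks() and delete_dbWeeks()
// are stand-ins for the RMH Homebase functions of the same name.

class Week {
    private $id, $name, $status;
    function __construct($id, $name, $status) {
        $this->id = $id; $this->name = $name; $this->status = $status;
    }
    function get_id() { return $this->id; }
    function get_name() { return $this->name; }
    function get_status() { return $this->status; }
    function set_status($s) { $this->status = $s; }
}

// Constructed sample data standing in for the weeks table.
$GLOBALS['weeks'] = array(
    '02-13-12' => new Week('02-13-12', 'February 13, 2012', 'unpublished'),
    '02-20-12' => new Week('02-20-12', 'February 20, 2012', 'archived'),
);

function get_dbWeeks($id) {
    return isset($GLOBALS['weeks'][$id]) ? $GLOBALS['weeks'][$id] : null;
}
function update_dbWeeks($week) { $GLOBALS['weeks'][$week->get_id()] = $week; }
function delete_dbWeeks($week) { unset($GLOBALS['weeks'][$week->get_id()]); }

// Toggle a week between "unpublished" and "published".
function publish_week($week) {
    if ($week->get_status() == "unpublished") {
        $week->set_status("published");
    } else if ($week->get_status() == "published") {
        $week->set_status("unpublished");
    }
    update_dbWeeks($week);
    return 'Week "' . $week->get_name() . '" ' . $week->get_status() . '.';
}

// Delete a week and store a fresh one in its place. The real code calls
// generate_populate_and_save_new_week(); a new unpublished Week stands in.
function reset_week($week) {
    delete_dbWeeks($week);
    update_dbWeeks(new Week($week->get_id(), $week->get_name(), "unpublished"));
    return 'Week "' . $week->get_name() . '" reset.';
}

// Remove a week unless it is currently published.
function remove_week($week) {
    $status = $week->get_status();
    if ($status != "unpublished" && $status != "archived") {
        return 'Week "' . $week->get_name()
            . '" is published, so it cannot be removed.';
    }
    delete_dbWeeks($week);
    return 'Week "' . $week->get_name() . '" removed.';
}

// Single entry point: check the access level once, run exactly one action
// from the allow-list, and escape the message before it goes to the browser.
function handle_week_action($params, $access_level) {
    $actions = array(
        'publish' => 'publish_week',
        'reset'   => 'reset_week',
        'remove'  => 'remove_week',
    );
    if ($access_level < 2) {
        return 'Not authorized.';
    }
    foreach ($actions as $key => $function) {
        if (isset($params[$key]) && is_string($params[$key])) {
            $week = get_dbWeeks($params[$key]);
            if ($week === null) {
                return 'No such week.';
            }
            return htmlspecialchars($function($week));
        }
    }
    return 'No action requested.';
}

// Constructed requests; in addWeek.php the arguments would be $_GET and
// $_SESSION['access_level'].
echo handle_week_action(array('publish' => '02-13-12'), 2), "\n";
echo handle_week_action(array('remove' => '02-13-12'), 2), "\n";
echo handle_week_action(array('remove' => '02-20-12'), 1), "\n";
echo handle_week_action(array('remove' => '02-20-12'), 2), "\n";
echo handle_week_action(array('reset' => '03-05-12'), 2), "\n";
```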

Too Few Comments: Having looked through most of the code, it is safe for me to say that this software has too few comments overall. Some files, such as personEdit.php, have a decent number of comments. The comments do a good job explaining "why" instead of "how" something is done. A pair of fresh eyes can look at personEdit.php and get a sense of what is happening and why it is important. In my Operating Systems class, students are encouraged to comment all but the most obvious lines of code. An instance variable "counter," when used with a loop, is obviously a counter. Commenting every line would classify as too many comments, and this is also a "bad smell." personEdit.php finds a point in the middle of both extremes.

Other files, such as editMasterSchedule.php, only have a few comments for hundreds of lines of code. Maintenance accounts for a large percentage of a software's life cycle; therefore, good documentation is necessary in order to reduce maintenance costs and avoid future hassles. The function get_day_names() in editMasterSchedule.php is a simple example of too few comments. Monday through Friday are determined through a very similar process via if statements, but Saturday introduces a substring method that is not used for any other day of the week. Why? If there is something intrinsically different about Saturday that requires it to be handled differently than a weekday, a comment should reflect that. Given a few months, it is easy to forget even your own code. Comments increase readability and reduce maintenance costs. It might take a few extra seconds to type a comment, but the benefits are well worth this extra coding time.

Data Clumps: A data clump occurs when several variables consistently appear together. The only data clump that I can find in this code is related to the date. Month, day, and year are kept together in a date object, but the string name and three character abbreviation are also used to identify days. The function get_day_names in editMasterSchedule.php assigns these string identifiers manually, but this could easily be done in a custom date object.

Speculative Generality: Speculative generality is defined as "inserting features into the code for functionality that is not part of the current requirements." Having looked over chapter 5, appendix A, and RMH Homebase's source code, I have not noticed any included features that are not part of the requirements.

Thursday, February 16, 2012

Day Fifteen: Software Architecture

Chapter 4 in our textbook, Software Development: An Open Source Approach, reintroduces many themes and ideas that were previously mentioned in several earlier computer science courses. The recurrence of this information suggests that it is vital to good software engineering practices. For this blog post, I will provide a brief outline of chapter 4, mainly for my benefit, but also for the benefit of others.

4.1  Architectural Patterns

  • Multi-Tier pattern: "GUI components are isolated within the user interface layer and database interactions are isolated within the database layer."
  • Client-Server pattern: "separates the functionality of a typical user of the system from that of the server that hosts the database that all users access."
  • Transaction Processing pattern: "useful for systems that accept a stream of transactions and process each transaction fully before moving on to the next." ex. ATM
  • Model-View-Controller (MVC) pattern: "separate the functionality (the model) that underlies the user interface from the code that controls how the user sees (the view) and interacts with (the controller) the system."
4.2  Layers, Cohesion, and Coupling
  • The Layering Principle: "each component appears in a single layer; the user sits at the top layer and the database is at the bottom layer."
    • "allows developers to visualize the system as a small number of interconnected vertical layers."
  • The Maximum Cohesion Principle: "All the functions that relate to a single concept are gathered into a single module or class. A software architecture is maximally cohesive if all its modules and classes are cohesive in this way."
  • The Minimum Coupling Principle: "Two modules are coupled if either one shares information or receives services directly from the other. A software system is minimally coupled when the number of interactions between all pairs of modules is kept to a minimum."

4.3  Security
  • "The first step in ensuring security is to understand the client's requirement that the new software protect confidential and other sensitive information from unauthorized access. A software security policy must be defined for the new system that implements that requirement, and the software must incorporate that policy in a transparent and verifiable way."
4.3.1  Architectural Vulnerabilities
  • "Common types of software flaws that lead to vulnerabilities include:"
    • "Memory safety violations, such as buffer overflows and dangling pointers"
    • "Input validation errors, such as format string bugs, SQL injection, code injection, e-mail injection, directory traversal, cross-site scripting in Web applications, HTTP header injection, and HTTP response splitting."
    • "Race conditions, such as time-of-check-to-time-of-use bugs and symlink races"
    • "Privilege-confusion bugs, such as cross-site request forgery in Web applications, clickjacking, and FTP bounce attack"
    • "Privilege escalation"
    • "User interface failures, such as user conditioning, blaming the victim, and race conditions"
4.3.2  User-Level Security
  • "When reviewing the security aspects of a software system, we need to ensure that the system enforces the following constraints on users:"
    • "Each authenticated user has a unique login id and password, and access to all system functions is provided only after the person enters his/her id and password."
    • "Each authenticated user has access to only those system functions that are appropriate for their level of access, and no others."
    • "Each visitor to the system has access only to those system functions that are appropriate for the general public to access."
4.4  Concurrency, Race Conditions, and Deadlocks
  • Many synchronization problems can be avoided with a technique called "locking"
    • Locking: "Any session accessing a resource (table or row) in a database gains exclusive control of (a "lock" on) that resource throughout the time required to complete that access (read, write, or update). If a second session tries to access the same resource while the first session has a lock on it, the second session's request is put into a queue until the lock is released. All requests for access to the same resource are handled in a first-come-first-served order."