Tech Dose of the Day Ruby on Rails, WIKI, XSS, JSON, Web 2.0, DOJO, Fixed-Bid & Time-and-Materials, CODEC, AJAX, RAID, etc.
Contributed by M&E (Media & Entertainment Delivery) Group (MphasiS Software Services)

Ruby on Rails

What is Ruby on Rails?

Ruby on Rails is a free web application framework that aims to increase the speed and ease with which database-driven web sites can be created and offers skeleton code frameworks (scaffolding) from the outset. Often shortened to Rails, or RoR, Ruby on Rails is an open source project written in the Ruby programming language, and applications using the Rails framework are developed using the Model-View-Controller architecture.

What is its significance and technicalities?

Ruby on Rails led the charge among next-generation web application frameworks, popularizing features that are now considered standard, such as scaffolding, object-relational mapping and simple installation. Other projects such as Django and TurboGears followed suit.

The fundamental Ruby on Rails principles include Convention over Configuration (CoC) and Don't repeat yourself (DRY).

Convention over Configuration means a developer only needs to specify unconventional aspects of the application. For example, if there's a class Sale in the model, the corresponding table in the database is called sales by default. It is only if one deviates from this convention, such as calling the table "products_sold", that one needs to write code regarding these names.

Don't repeat yourself means that information is located in a single, unambiguous place. For example, using ActiveRecord, the developer does not need to specify database column names in class definitions. Instead, Ruby can retrieve this information from the database.

Because of these defaults, Rails is often referred to as "opinionated software", which has been a point of contention for many critics of Rails.

Like many contemporary web frameworks, Rails uses the Model-View-Controller (MVC) architecture for organising application programming.
Rails provides 'out of the box' scaffolding which can quickly construct most of the models and views needed for a basic website. Other helpful development tools come with or are installed with Rails, such as the WEBrick web server, and the Rake build system. Rails is also noteworthy for its extensive use of the JavaScript libraries Prototype and Script.aculo.us for Ajax and its graphical interface.

For web services Rails initially supported lightweight SOAP; later it was replaced by RESTful web services. The recommended REST-based programming structure changes drastically in version 1.2.

Some of the projects using Rails -

- Basecamp - online project management
- BBC Programme Catalogue - video and audio archives from BBC television and radio
- Blurb.com - personal book publishing
- ChaCha.com - a human-powered search engine
- Justin.tv - a live video streaming platform
- OpenCongress - aggregated news and official data about the US Congress
- Penny Arcade - gamer-humor webcomic
- Revolution Health - a health portal
- Twitter - micro-blogging service
- yellowpages.com - US telephone directory

Further References

- Wikipedia: http://en.wikipedia.org/wiki/Ruby_on_Rails
- Ruby on Rails Home: http://www.rubyonrails.org/
- Justify your choice of RoR: http://rubythis.blogspot.com/2006/12/justify-your-choice-of-ruby-on-rails.html

WIKI

What is WIKI?

A wiki is a medium which can be edited by anyone with access to it, and provides an easy method for linking from one page to another. Wikis are typically collaborative websites, though there are now also single-user offline implementations. Ward Cunningham, developer of the first wiki, WikiWikiWeb, originally described it as "the simplest online database that could possibly work". One of the best-known wikis is Wikipedia.

A wiki enables documents to be written collaboratively, in a simple markup language using a web browser.
A single page in a wiki is referred to as a "wiki page", while the entire body of pages, which are usually highly interconnected via hyperlinks, is "the wiki". A wiki is essentially a database for creating, browsing and searching information.

A defining characteristic of wiki technology is the ease with which pages can be created and updated. Generally, there is no review before modifications are accepted. Many wikis are open to the general public without the need to register any user account. Sometimes session log-in is requested to acquire a "wiki-signature" cookie for autosigning edits. Many edits, however, can be made in real-time, and appear almost instantaneously online. This can lead to abuse of the system. Private wiki servers require user authentication to edit, sometimes even to read pages.

What is its usefulness?

Why wiki? Well, some of the innumerable reasons -

- Creating a knowledge base on a specific topic.
- Writing documentation or a FAQ.
- Collaborative writing.
- Product reviews and comparisons.
- Creating how-tos.
- Developing new languages and dictionaries.
- Sharing tips and advice.
- Discussion of theories.
- Communication between and within communities.
- Creating an easily searchable, linkable, and editable website.

Further References

- wikipedia - http://wikipedia.org/
- wiki on wiki - http://en.wikipedia.org/wiki/Wiki
- The wiki wiki web - http://c2.com/cgi/wiki?WikiWikiWeb

XSS

What is XSS?

Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications which allow code injection by malicious web users into the web pages viewed by other users. Examples of such code include HTML code and client-side scripts. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as the same origin policy. Vulnerabilities of this kind have been exploited to craft powerful phishing attacks and browser exploits.
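
The injection described above, next to the output encoding and input validation that this section recommends as mitigations, shown as an added example that is not part of the original post. The function names, the comment markup and the sample strings are hypothetical and constructed for illustration.

```javascript
// Added example, not from the original post. All names are hypothetical.

// Characters with special meaning in HTML text and in quoted attribute values.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Output encoding: replace every HTML special character with its entity.
// A single pass over the input, so "&" produced by one replacement is
// never encoded a second time within the same call.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Input validation: allow-list for a field with a strict format
// (here a display name: letters, digits, space, underscore, dot, hyphen).
function isValidDisplayName(name) {
  return typeof name === "string" && /^[A-Za-z0-9 _.-]{1,32}$/.test(name);
}

// Vulnerable: user-controlled strings are concatenated into markup as-is,
// so markup typed by one user becomes live markup in other users' pages.
function renderCommentUnsafe(author, body) {
  return '<div class="comment" title="' + author + '"><p>' + body + "</p></div>";
}

// Hardened: validate where a strict format exists, and encode every
// user-controlled value at the point where it is written into HTML.
function renderCommentSafe(author, body) {
  if (!isValidDisplayName(author)) {
    throw new Error("invalid display name");
  }
  return (
    '<div class="comment" title="' + escapeHtml(author) + '"><p>' +
    escapeHtml(body) + "</p></div>"
  );
}

// Constructed sample input: a comment body carrying a script element, and
// an author value that tries to close the title attribute and add its own.
const SAMPLE_BODY = "Nice post <script>alert(1)</script>";
const SAMPLE_AUTHOR = 'bob" onmouseover="alert(1)';

// The unsafe renderer emits the script element verbatim; the safe one
// emits it as inert text and rejects the malformed author value outright.
console.log(renderCommentUnsafe("bob", SAMPLE_BODY));
console.log(renderCommentSafe("bob", SAMPLE_BODY));
console.log(isValidDisplayName(SAMPLE_AUTHOR));
```

Encoding is applied on output even though the author field was validated on input: validation narrows what is accepted, while encoding is what keeps accepted text from being parsed as markup.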
When Netscape first introduced the JavaScript language, they realized the security risks of allowing a Web server to send executable code to a browser (even if only in a browser sandbox). One key problem with this is the case where users have more than one browser window open at once. In some instances, a script from one page should be allowed to access data from another page or object, but in others, this should be strictly forbidden, as a malicious Web site could attempt to steal sensitive information this way.

In order to fix this problem, browsers introduced the same origin policy. Essentially, this policy allows any interaction between objects and pages that originated from the same domain and over the same protocol. That way, a malicious Web site would not be able to access sensitive data in another browser window via JavaScript. Since then, other similar access-control policies have been adopted in other browsers and client-side scripting languages to protect users from malicious Web sites.

In general, cross-site scripting holes can be seen as vulnerabilities present in web pages which allow attackers to bypass these mechanisms. By finding clever ways of injecting malicious script into pages served by other domains, an attacker can gain elevated access privileges to sensitive page content, session cookies, and a variety of other objects.

How can this be mitigated?

- Encode all HTML special characters in potentially malicious data.
- Validate input from all potentially malicious data sources.
- If your web app can operate completely without client-side scripts, so much the better.

Further References

- Wikipedia - http://en.wikipedia.org/wiki/Cross-site_scripting
- XSS FAQ - http://www.cgisecurity.com/articles/xss-faq.shtml
- Some more info - http://www.owasp.org/index.php/Cross_Site_Scripting

JSON

What is JSON?

JSON (JavaScript Object Notation, pronounced like "Jason") is a lightweight computer data interchange format.
It is a text-based, human-readable format for representing simple data structures and associative arrays (called objects). The official Internet media type for JSON is "application/json".

The JSON format is often used for transmitting structured data over a network connection in a process called serialization. Its main application is in Ajax web application programming, where it serves as an alternative to the traditional use of the XML format.

Although JSON was based on a subset of the JavaScript programming language, and is commonly used with that language, it is considered to be a language-independent data format. Code for parsing and generating JSON data is readily available for a large variety of programming languages. The www.json.org site provides a comprehensive listing of existing JSON bindings, organized by language.

What is its usefulness?

- Simplicity - JSON has a small grammar and maps more directly into the data structures used in modern programming languages.
- Self describing - JSON is human readable, and the data is self-describing in nature.
- Extensibility - JSON is not extensible, as it does not need to be. JSON is not a Document Markup Language (like HTML / XML), and so it is not necessary to define new tags or attributes to represent data in it.
- Interoperability - JSON has the same interoperability potential as XML.
- Openness - JSON is as open as XML; perhaps more so 'cos it's not in the center of corporate/political standardization struggles.

Further References

- Wikipedia - http://en.wikipedia.org/wiki/JavaScript_Object_Notation
- JSON Homepage - http://www.json.org/
- Mastering JSON - http://www.hunlock.com/blogs/Mastering_JSON_(_JavaScript_Object_Notation_)

Web 2.0

What is Web 2.0?

Web 2.0 refers to a perceived second generation of web-based communities and hosted services such as social-networking sites, wikis and folksonomies which aim to facilitate collaboration and sharing between users.
The term became popular following the first O'Reilly Media Web 2.0 conference in 2004. Although the term suggests a new version of the World Wide Web, it does not refer to an update to any technical specifications, but to changes in the ways software developers and end-users use the web. According to Tim O'Reilly, "Web 2.0 is the business revolution in the computer industry caused by the move to the internet as platform, and an attempt to understand the rules for success on that new platform."

In alluding to the version-numbers that commonly designate software upgrades, the phrase "Web 2.0" hints at an improved form of the World Wide Web. Technologies such as weblogs, social bookmarking, wikis, podcasts, RSS feeds (and other forms of many-to-many publishing), social software, web application programming interfaces (APIs), and online web services such as eBay and Gmail provide a significant enhancement over read-only websites.

Stephen Fry (actor, author and broadcaster) describes Web 2.0 as "an idea in people's heads rather than a reality. It's actually an idea that the reciprocity between the user and the provider is what's emphasized. In other words, genuine interactivity if you like, simply because people can upload as well as download".

Web 2.0 websites typically include some of these features:

- Rich Internet application techniques, often Ajax-based.
- Semantically valid XHTML and HTML markup.
- Microformats enriching pages with additional semantics.
- Folksonomies (in the form of tags or tagclouds, for example).
- Cascading Style Sheets to separate presentation from content.
- REST and/or XML- and/or JSON-based APIs.
- Syndication, aggregation and notification of data in RSS or Atom feeds.
- Mashups, merging content from different sources, client- and server-side.
- Weblog publishing tools.
- Wiki or forum software, etc., to support user generated content.
- OpenID for transferable user identity.
- Use of Open source software, such as the LAMP stack.

What is its usefulness?
Web Based Applications and Desktops:-

The richer user-experience afforded by Ajax has prompted the development of websites that mimic personal computer applications, such as word processing, the spreadsheet, and slide-show presentation. WYSIWYG wiki sites replicate many features of PC authoring applications. Still other sites perform collaboration and project management functions. In 2006 Google, Inc. acquired one of the best-known sites of this broad class, Writely.

Several browser-based "operating systems" or "online desktops" have also appeared. They essentially function as application platforms, not as operating systems per se. These services mimic the user experience of desktop operating-systems, offering features and applications similar to a PC environment. They have as their distinguishing characteristic the ability to run within any modern browser.

Rich Internet Applications:-

Recently, many rich-Internet application techniques such as Ajax, Adobe Flash, Flex, Nexaweb, OpenLaszlo and Silverlight have evolved that can improve the user-experience in browser-based applications. These technologies allow a web-page to request an update for some part of its content, and to alter that part in the browser, without needing to refresh the whole page at the same time.

XML and RSS:-

Advocates of Web 2.0 may regard syndication of site content as a Web 2.0 feature, which permits end-users to make use of a site's data in another context (such as another website, a browser plugin, or a separate desktop application). Protocols which permit syndication include RSS (Really Simple Syndication, also known as "web syndication"), RDF (as in RSS 1.1), and Atom, all of them XML-based formats. Observers have started to refer to these technologies as "Web feed" as the usability of Web 2.0 evolves and the more user-friendly Feeds icon supplants the RSS icon.
Further References

- Wikipedia - http://en.wikipedia.org/wiki/Web_2
- What is Web 2.0 : by Tim O'Reilly - http://www.oreilly.com/pub/a/oreilly/tim/news/2005/09/30/what-is-web-20.html

DOJO

What is DOJO?

The Dojo toolkit is a modular open source JavaScript toolkit (or library), designed to ease the rapid development of JavaScript- or Ajax-based applications and web sites. Dojo is a small, tight toolkit whose performance alone makes it an ideal platform to extend and build on.

What is its usefulness?

From pane-based layouts to client-side charting & graphing to data binding to a time-tested module system, Dojo is solid infrastructure for delivering great experiences. Everything is customizable easily with CSS, but very little needs to be tweaked to get a great experience, not only for users, but also for designers and developers.

Object Oriented Class Helpers - JavaScript uses prototype-based, not class-based, object orientation natively. Dojo essentially builds a class system on top, adding great features like inheritance, encapsulation, mixing classes, and more. This will make Java and C# programmers feel at home, and help build solid Enterprise-level applications.

Following are a few of many -

- Dojo.data - The Data module is an abstraction layer that makes gathering data from outside sources consistent. Reading from a database or web service uses the same base calls. You can write pluggable data modules for your own sources.
- XHR (Ajax) - Dojo adds a nice wrapper around native XMLHttpRequest services. Often you can boil an XHR message-pass down to one function call. The data is given to you in text, XML, or in a JavaScript object via JSON.
- Drag and Drop - Often the bane of DHTML applications, drag and drop services are essential for easy user interaction. Dojo's DnD layer is fast, cross-platform, and very straightforward.
- Dojo.query - Finding and manipulating HTML fragments is difficult. But dojo.query makes it as easy as CSS. You can write sophisticated selectors, and then apply an operation to all of them in one step.
- Back button handling - dojo.back saves your application from nervous users trying to use the Back button. One-page apps can destroy data at one touch of the back button. dojo.back alters the behavior of Back to make it less likely.

Further References

- Dojo - http://en.wikipedia.org/wiki/Dojo_Toolkit
- Dojo official website - http://www.dojotoolkit.org/
- Commonly used Widgets - http://dojotoolkit.org/book/dojo-book-0-9/part-2-dijit/advanced-editing-and-display

Fixed-Bid & Time-and-Materials

What is Fixed-Bid & Time-and-Materials?

There are essentially two types of billing for contract work: Fixed-Bid or Time-and-Materials.

Fixed-Bid:- A Fixed Bid contract is just like it sounds. You bid that you can do a defined set of work for a fixed amount of money.

Time-and-Materials:- A Time & Materials contract is similar to being an hourly employee, at least in that you are paid a set rate for the actual hours that you worked, and you may be reimbursed for specific expenses such as hardware that you purchase for the company. You don't work, you don't get paid.

What are its pros and cons?

In Fixed-Bid projects, if you are more efficient at doing the work, you make more money per hour of work done. If you are inefficient, or worse, overlooked something about the project (or you allowed scope-creep), you can spend a lot of time and end up bringing your effective rate per hour way down, possibly even losing money on the project if you really blow it.

In T&M, if you are efficient, you might make less money overall, but if scope-creep enters in, you still get paid for all of your work.

Further References

- Time-and-Materials, Labor-Hour, and Letter Contracts - http://www.arnet.gov/far/current/html/Subpart%2016_6.html
- Contracting Tips: Fixed Bid vs. T&M - http://weblogs.sqlteam.com/markc/archive/2004/01/03/683.aspx
- Time & Materials - http://guidebook.dcma.mil/8/T_M_LH_CONTRACTS_Kevin_Cox.ppt
- When do you give Fixed Bid - http://www.sitepoint.com/blogs/2005/05/11/when-do-you-give-fixed-bid/

CODEC

What is Codec?

A codec is a device or program capable of performing encoding and decoding on a digital data stream or signal. The word codec may be a combination of any of the following: 'Compressor-Decompressor', 'Coder-Decoder', or 'Compression/Decompression algorithm'.

Audio Codec:- An audio codec is a computer program that compresses/decompresses digital audio data according to a given audio file format or streaming audio format. Most codecs are implemented as libraries which interface to one or more multimedia players, such as XMMS, Winamp or Windows Media Player.

In some contexts, the term "audio codec" can refer to a hardware implementation or sound card. When used in this manner, the phrase audio codec refers to the device encoding an analog audio signal to a digital audio signal, or decoding an analog audio signal from a digital audio signal. Thus, in such a context, the term is actually referring to a combined audio AD/DA converter. One example is Intel Corporation's AC'97 standard, which comprises a digital controller paired with an analog unit.

Video Codec:- A video codec is a device or software that enables video compression and/or decompression for digital video. The compression usually employs lossy data compression. Historically, video was stored as an analog signal on magnetic tape. Around the time when the compact disc entered the market as a digital-format replacement for analog audio, it became feasible to also begin storing and using video in digital form, and a variety of such technologies began to emerge.

Audio and video call for customized methods of compression. Engineers and mathematicians have tried a number of solutions for tackling this problem.
There is a complex balance between the video quality, the quantity of the data needed to represent it (also known as the bit rate), the complexity of the encoding and decoding algorithms, robustness to data losses and errors, ease of editing, random access, the state of the art of compression algorithm design, end-to-end delay, and a number of other factors.

What is its usefulness?

In daily life, digital video codecs are found in DVD (MPEG-2), VCD (MPEG-1), in emerging satellite and terrestrial broadcast systems, and on the Internet. Online video material is encoded in a variety of codecs, and this has led to the availability of codec packs - a pre-assembled set of commonly used codecs combined with an installer available as a software package for PCs.

Encoding media by the public has seen an upsurge with the availability of DVD-writers. Since commercially available DVDs are usually dual-layer, and hence bigger than the more common single layer writable DVDs, it is often the case that the material has to be compressed again, sacrificing quality so that the media will fit onto a single disc.

Further References

- Codec - http://en.wikipedia.org/wiki/Codec
- Audio Codec - http://en.wikipedia.org/wiki/Audio_codec
- Video Codec - http://en.wikipedia.org/wiki/Video_codec

AJAX

What is AJAX?

Ajax, or AJAX, is a web development technique used for creating interactive web applications. The intent is to make web pages feel more responsive by exchanging small amounts of data with the server behind the scenes, so that the entire web page does not have to be reloaded each time the user requests a change. This is intended to increase the web page's interactivity, speed, functionality, and usability.

AJAX stands for Asynchronous JavaScript And XML. Ajax is asynchronous in that XML data loading does not interfere with normal HTML and JavaScript page loading. JavaScript is the programming language in which Ajax function calls are made.
Data retrieved using the technique is commonly formatted using XML, as reflected in the naming of the XMLHttpRequest object from which Ajax is derived. Ajax is a cross-platform technique usable on many different operating systems, computer architectures, and Web browsers as it is based on open standards such as JavaScript and XML, together with open source implementations of other required technologies.

What is its usefulness?

Bandwidth usage:- By generating the HTML locally within the browser, and only bringing down JavaScript calls and the actual data, Ajax web pages can appear to load relatively quickly since the payload coming down is much smaller in size, and the rest of the layout does not have to be redrawn on each update. An example of this technique is a large result set where multiple pages of data exist. With Ajax, the HTML of the page (e.g., a table structure with related TD and TR tags) can be produced locally in the browser and not brought down with the first page of the document. In addition to "load on demand" of contents, some web-based applications load stubs of event handlers and then load the functions on the fly. This technique significantly cuts down the bandwidth consumption for web applications.

Separation of data, format, style, and function:- A less specific benefit of the Ajax approach is that it tends to encourage programmers to clearly separate the methods and formats used for the different aspects of information delivery via the web. Although Ajax can appear to be a jumble of languages and techniques, and programmers are free to adopt and adapt whatever works for them, they are generally propelled by the development motive itself to adopt separation among the following:

1. Raw data or content to be delivered, which is normally embedded in XML and sometimes derived from a server-side database.
2. Format or structure of the webpage, which is almost always built in HTML or XHTML and is then reflected and made available to dynamic manipulation in the DOM.
3. Style elements of the webpage: everything from fonts to picture placement is derived by reference to embedded or referenced CSS.
4. Functionality of the webpage, which is provided by a combination of:
   1. JavaScript on the client browser (also called DHTML),
   2. Standard HTTP and XMLHttp or client-to-server communication, and
   3. Server-side scripting and/or programs using any suitable language preferred by the programmer to receive the client's specific requests and respond appropriately.

Further References

- AJAX Programming : Wikipedia - http://en.wikipedia.org/wiki/Ajax_(programming)
- AJAX Tutorial - http://www.w3schools.com/ajax/default.asp
- A site for AJAX Freaks - http://www.ajaxfreaks.com/

RSS

What is RSS?

"RSS" refers to Really Simple Syndication, RDF Site Summary, or Rich Site Summary.

RSS is a family of Web feed formats used to publish frequently updated content such as blog entries, news headlines etc. An RSS document, which is called a "feed", "web feed", or "channel", contains either a summary of content from an associated web site or the full text. RSS formats are specified using XML, a generic specification for the creation of data formats.

RSS content can be read using software called a "feed reader" or an "aggregator." The user subscribes to a feed by entering the feed's link into the reader or by clicking an RSS icon in a browser that initiates the subscription process. The reader checks the user's subscribed feeds regularly for new content, downloading any updates that it finds.

What is its usefulness?

RSS makes it possible for people to keep up with their favorite web sites in an automated manner that's easier than checking them manually.
It's not just for news, but pretty much anything that can be broken down into discrete items can be syndicated via RSS: the "recent changes" page of a wiki, a changelog of CVS checkins, even the revision history of a book. Once information about each item is in RSS format, an RSS-aware program can check the feed for changes and react to the changes in an appropriate way.

RSS solves a problem for people who regularly use the web. It allows you to easily stay informed by retrieving the latest content from the sites you are interested in. You save time by not needing to visit each site individually, and you ensure your privacy, by not needing to join each site's email newsletter.

Further References

- A comprehensive overview and links: http://blogspace.com/rss/
- What is RSS, and Why Should You Care?: http://blog.contentious.com/archives/000038.html
- XML.com - What is RSS?: http://www.xml.com/pub/a/2002/12/18/dive-into-xml.html
- WebReference.com - Introduction to RSS: http://www.webreference.com/authoring/languages/xml/rss/intro/
- Syndic8 - Directory of RSS Feeds: http://www.syndic8.com/feedcat.php

RAID

What is RAID?

RAID (Redundant Array of Independent Disks; originally Redundant Array of Inexpensive Disks) is a way of storing the same data in different places (thus, redundantly) on multiple hard disks.

What is its usefulness?

By placing data on multiple disks, I/O (input/output) operations can overlap in a balanced way, improving performance. Since multiple disks increase the mean time between failures (MTBF), storing data redundantly also increases fault tolerance.

A RAID appears to the operating system to be a single logical hard disk. RAID employs the technique of disk striping, which involves partitioning each drive's storage space into units ranging from a sector (512 bytes) up to several megabytes. The stripes of all the disks are interleaved and addressed in order.
In a single-user system where large records, such as medical or other scientific images, are stored, the stripes are typically set up to be small (perhaps 512 bytes) so that a single record spans all disks and can be accessed quickly by reading all disks at the same time.

In a multi-user system, better performance requires establishing a stripe wide enough to hold the typical or maximum size record. This allows overlapped disk I/O across drives.

What are the types of RAID?

There are at least nine types of RAID plus a non-redundant array (RAID-0):

- RAID-0: This technique has striping but no redundancy of data. It offers the best performance but no fault-tolerance.
- RAID-1: This type is also known as disk mirroring and consists of at least two drives that duplicate the storage of data. There is no striping. Read performance is improved since either disk can be read at the same time. Write performance is the same as for single disk storage. RAID-1 provides the best performance and the best fault-tolerance in a multi-user system.
- RAID-2: This type uses striping across disks with some disks storing error checking and correcting (ECC) information. It has no advantage over RAID-3.
- RAID-3: This type uses striping and dedicates one drive to storing parity information. The embedded error checking (ECC) information is used to detect errors. Data recovery is accomplished by calculating the exclusive OR (XOR) of the information recorded on the other drives. Since an I/O operation addresses all drives at the same time, RAID-3 cannot overlap I/O. For this reason, RAID-3 is best for single-user systems with long record applications.
- RAID-4: This type uses large stripes, which means you can read records from any single drive. This allows you to take advantage of overlapped I/O for read operations. Since all write operations have to update the parity drive, no I/O overlapping is possible. RAID-4 offers no advantage over RAID-5.
- RAID-5: This type includes a rotating parity array, thus addressing the write limitation in RAID-4. Thus, all read and write operations can be overlapped. RAID-5 stores parity information but not redundant data (but parity information can be used to reconstruct data). RAID-5 requires at least three and usually five disks for the array. It's best for multi-user systems in which performance is not critical or which do few write operations.
- RAID-6: This type is similar to RAID-5 but includes a second parity scheme that is distributed across different drives and thus offers extremely high fault- and drive-failure tolerance.
- RAID-7: This type includes a real-time embedded operating system as a controller, caching via a high-speed bus, and other characteristics of a stand-alone computer. One vendor offers this system.
- RAID-10: Combining RAID-0 and RAID-1 is often referred to as RAID-10, which offers higher performance than RAID-1 but at much higher cost. There are two subtypes:
  - In RAID-0+1, data is organized as stripes across multiple disks, and then the striped disk sets are mirrored.
  - In RAID-1+0, the data is mirrored and the mirrors are striped.
- RAID-50 (or RAID-5+0): This type consists of a series of RAID-5 groups and striped in RAID-0 fashion to improve RAID-5 performance without reducing data protection.
- RAID-53 (or RAID-5+3): This type uses striping (in RAID-0 style) for RAID-3's virtual disk blocks. This offers higher performance than RAID-3 but at much higher cost.
- RAID-S (also known as Parity RAID): This is an alternate, proprietary method for striped parity RAID from EMC Symmetrix that is no longer in use on current equipment. It appears to be similar to RAID-5 with some performance enhancements as well as the enhancements that come from having a high-speed disk cache on the disk array.

Further References

- http://en.wikipedia.org/wiki/RAID
- http://searchstorage.techtarget.com/sDefinition/0,,sid5_gci214332,00.html