
How-To Tutorials

7018 Articles
Packt
30 Sep 2013
11 min read

Plugins and Extensions

In this modern world of JavaScript, Ext JS is the best JavaScript framework that includes a vast collection of cross-browser utilities, UI widgets, charts, data object stores, and much more. When developing an application, we mostly look for the best functionality support and for the components that the framework offers. But we usually face situations wherein the framework lacks the specific functionality or component that we need. Fortunately, Ext JS has a powerful class system that makes it easy to extend an existing functionality or component, or build new ones altogether.

What is a plugin?

An Ext JS plugin is a class that is used to provide additional functionality to an existing component. Plugins must implement a method named init, which is called by the component, with the component itself passed as the parameter, at initialization time at the beginning of the component's lifecycle. The destroy method is invoked by the owning component of the plugin at the time of the component's destruction. We don't need to instantiate a plugin class ourselves. Plugins are inserted into a component using the plugins configuration option of that component. Plugins are used not only by the components to which they are attached, but also by all the subclasses derived from that component. We can also use multiple plugins in a single component, but we need to make sure that the plugins do not conflict with each other.

What is an extension?

An Ext JS extension is a derived class or a subclass of an existing Ext JS class, which is designed to allow the inclusion of additional features. An Ext JS extension is mostly used to add custom functionality or to modify the behavior of an existing Ext JS class. An Ext JS extension can be as basic as the preconfigured Ext JS classes, which simply supply a set of default values to an existing class configuration.
This type of extension is really helpful in situations where the required functionality is repeated in several places. Let us assume we have an application where several Ext JS windows have the same help button in the bottom bar. We can create an extension of the Ext JS window that adds this help button, and use this extension window without repeating the code for the button. The advantage is that we can maintain the code for the help button in one place and have a change take effect everywhere.

Differences between an extension and a plugin

Ext JS extensions and plugins are used for the same purpose: they add extended functionality to Ext JS classes. But they differ mainly in how they are written and in the reason for which they are used.

Ext JS extensions are extension classes or subclasses of Ext JS classes. To use an extension, we need to instantiate it by creating an object. We can provide additional properties and functions, and can even override any parent member to change its behavior. Extensions are very tightly coupled to the classes from which they are derived. Ext JS extensions are mainly used when we need to modify the behavior of an existing class or component, or when we need to create an entirely new class or component.

Ext JS plugins are also Ext JS classes, but they include the init function. To use a plugin we don't need to instantiate the class directly; instead, we register the plugin in the plugins configuration option of the component. After it is added, its options and functions become available to the component itself. Plugins are loosely coupled with the components they are plugged into, and they can be easily detached and used with multiple components and derived components. Plugins are used when we need to add features to a component.
As plugins must be attached to an existing component, they are not suited to creating an entirely new component, as is done with extensions.

Choosing the best option

When we need to enhance or change the functionality of an existing Ext JS component, we have several ways to do that, each of which has both advantages and disadvantages. Let us assume we need to develop an SMS text field with the simple functionality of changing the text color to red whenever the text length exceeds the length allocated for one message; this way the user can see that they are typing more than one message. This functionality can be implemented in three different ways in Ext JS, which are discussed in the following sections.

By configuring an existing class

We can choose to apply configuration to the existing classes. For example, we can create a text field and provide the required SMS functionality within the listeners configuration, or we can attach event handlers with the on method after the text field is instantiated. This is the easiest option when the same functionality is used in only a few places. But as soon as the functionality is repeated in several places or in several situations, code duplication may arise.

By creating a subclass or an extension

By creating an extension, we can easily solve the problem discussed in the previous section. If we create an extension for the SMS text field by extending the Ext JS text field, we can use this extension in as many places as we need, and can also create other extensions from it. The code for this extension is centralized, and a change in one place is reflected in all the places where the extension is used. But there is a problem: when the same SMS functionality is needed in other subclasses of the Ext JS text field, such as the Ext JS text area field, we can't use the SMS text field extension to take advantage of it.
Also, assume a situation where there are two subclasses of a base class, each of which provides its own facility, and we want to use both features in a single class; that is not possible with this implementation.

By creating a plugin

By creating a plugin, we gain the maximum reuse of code. A plugin written for one class is usable by the subclasses of that class, and we also have the flexibility to use multiple plugins in a single component. This is why, if we create a plugin for the SMS functionality, we can use the SMS plugin both in the text field and in the text area field. We can also use other plugins alongside this SMS plugin in the same class.

Building an Ext JS plugin

Let us start developing an Ext JS plugin. In this section we will develop a simple SMS plugin, targeting the Ext JS textareafield component. The feature we wish to provide for the SMS functionality is that it should show the number of characters and the number of messages at the bottom of the containing field. Also, the color of the message text should change to notify users whenever they exceed the allowed length for a message.
In the following code, the SMS plugin class is created within the Examples namespace of an Ext JS application:

```javascript
Ext.define('Examples.plugin.Sms', {
    alias : 'plugin.sms',

    config : {
        perMessageLength : 160,
        defaultColor : '#000000',
        warningColor : '#ff0000'
    },

    constructor : function(cfg) {
        Ext.apply(this, cfg);
        this.callParent(arguments);
    },

    // Called by the owning component, which passes itself as the argument
    init : function(textField) {
        this.textField = textField;
        if (!textField.rendered) {
            textField.on('afterrender', this.handleAfterRender, this);
        } else {
            this.handleAfterRender();
        }
    },

    // Listen for changes and add the <div> that shows the counters
    handleAfterRender : function() {
        this.textField.on({
            scope : this,
            change : this.handleChange
        });
        var dom = Ext.get(this.textField.bodyEl.dom);
        Ext.DomHelper.append(dom, {
            tag : 'div',
            cls : 'plugin-sms'
        });
    },

    // Switch to the warning color once the length of one message is exceeded
    handleChange : function(field, newValue) {
        if (newValue.length > this.getPerMessageLength()) {
            field.setFieldStyle('color:' + this.getWarningColor());
        } else {
            field.setFieldStyle('color:' + this.getDefaultColor());
        }
        this.updateMessageInfo(newValue.length);
    },

    updateMessageInfo : function(length) {
        var tpl = ['Characters: {length}<br/>', 'Messages: {messages}'].join('');
        var text = new Ext.XTemplate(tpl);
        // Number of messages, rounded up
        var messages = parseInt(length / this.getPerMessageLength(), 10);
        if ((length / this.getPerMessageLength()) - messages > 0) {
            ++messages;
        }
        Ext.get(this.getInfoPanel()).update(text.apply({
            length : length,
            messages : messages
        }));
    },

    getInfoPanel : function() {
        return this.textField.el.select('.plugin-sms');
    }
});
```

In the preceding plugin class, you can see that we have defined the mandatory init function. Within the init function, we check whether the component to which this plugin is attached has been rendered, and call the handleAfterRender function once rendering is complete.
Within handleAfterRender, we arrange for the handleChange function of this class to be executed when the change event of the textareafield component fires, and we also create an HTML <div> element in which we want to show the message information: the character counter and the message counter. The handleChange function is the handler that checks the message length in order to show the warning color, and calls the updateMessageInfo function to update the message information text with the character count and the number of messages.

Now we can easily add the plugin to the component:

```javascript
{
    xtype : 'textareafield',
    plugins : ['sms']
}
```

We can also supply configuration options when we insert the plugin in the plugins configuration option, to override the default values, as follows:

```javascript
plugins : [Ext.create('Examples.plugin.Sms', {
    perMessageLength : 20,
    defaultColor : '#0000ff',
    warningColor : "#00ff00"
})]
```

Building an Ext JS extension

Let us start developing an Ext JS extension. In this section we will develop an SMS extension that satisfies exactly the same requirements as the SMS plugin developed earlier. We already know that an Ext JS extension is a derived class of an existing Ext JS class. We are going to extend the Ext JS textarea field, which allows typing multiline text and provides event handling, rendering, and other functionality.
The following code creates the Extension class under the SMS view within the Examples namespace of an Ext JS application:

```javascript
Ext.define('Examples.view.sms.Extension', {
    extend : 'Ext.form.field.TextArea',
    alias : 'widget.sms',

    config : {
        perMessageLength : 160,
        defaultColor : '#000000',
        warningColor : '#ff0000'
    },

    constructor : function(cfg) {
        Ext.apply(this, cfg);
        this.callParent(arguments);
    },

    afterRender : function() {
        // Let the parent class finish its own afterRender work first
        this.callParent(arguments);
        this.on({
            scope : this,
            change : this.handleChange
        });
        var dom = Ext.get(this.bodyEl.dom);
        Ext.DomHelper.append(dom, {
            tag : 'div',
            cls : 'extension-sms'
        });
    },

    // Switch to the warning color once the length of one message is exceeded
    handleChange : function(field, newValue) {
        if (newValue.length > this.getPerMessageLength()) {
            field.setFieldStyle('color:' + this.getWarningColor());
        } else {
            field.setFieldStyle('color:' + this.getDefaultColor());
        }
        this.updateMessageInfo(newValue.length);
    },

    updateMessageInfo : function(length) {
        var tpl = ['Characters: {length}<br/>', 'Messages: {messages}'].join('');
        var text = new Ext.XTemplate(tpl);
        // Number of messages, rounded up
        var messages = parseInt(length / this.getPerMessageLength(), 10);
        if ((length / this.getPerMessageLength()) - messages > 0) {
            ++messages;
        }
        Ext.get(this.getInfoPanel()).update(text.apply({
            length : length,
            messages : messages
        }));
    },

    getInfoPanel : function() {
        return this.el.select('.extension-sms');
    }
});
```

As seen in the preceding code, the extend keyword is used as a class property to extend the Ext.form.field.TextArea class in order to create the extension class. Within the afterRender handler, we arrange for the handleChange function of this class to be executed when the change event of the textarea field fires, and we also create an HTML <div> element in which we want to show the message information: the character counter and the message counter. From this point on, the logic to show the warning, the character counter, and the message counter is the same as the logic used in the SMS plugin.
Now we can easily create an instance of this extension:

```javascript
Ext.create('Examples.view.sms.Extension');
```

We can also supply configuration options when we create the instance of this class, to override the default values:

```javascript
Ext.create('Examples.view.sms.Extension', {
    perMessageLength : 20,
    defaultColor : '#0000ff',
    warningColor : "#00ff00"
});
```

The following is the screenshot where we've used the SMS plugin and extension:

In the preceding screenshot we have created an Ext JS window and incorporated the SMS extension and the SMS plugin. As we have already discussed regarding the benefit of writing a plugin, we can use the SMS plugin not only with the text area field, but also with the text field.

Summary

We have learned from this article what a plugin and an extension are, the differences between the two, the facilities they offer, how to use them, and how to decide between an extension and a plugin for the needed functionality. In this article we've also developed a simple SMS plugin and an SMS extension.
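
The plugin contract described in this article (the owning component calls init with itself and later calls destroy) is shown end to end in the following added example, which is not part of the original article and is not Ext JS code. StubField, StubTextArea, SmsPlugin and demoSmsPluginLifecycle are hypothetical stand-ins that run without the framework; unlike the article's plugin, this one implements destroy so that its change listener is detached from the component.

```javascript
// Added illustration: StubField is a minimal stand-in host, NOT an Ext JS class.
// It models only the contract the article describes: the component calls
// plugin.init(component) when it is set up and plugin.destroy() when it is torn down.
class StubField {
  constructor({ plugins = [] } = {}) {
    this.value = '';
    this.style = '';
    this.info = '';
    this.changeListeners = new Set();
    this.plugins = plugins;
    this.plugins.forEach((plugin) => plugin.init(this));
  }
  on(listener) { this.changeListeners.add(listener); }
  un(listener) { this.changeListeners.delete(listener); }
  setValue(value) {
    this.value = value;
    this.changeListeners.forEach((listener) => listener(this, value));
  }
  destroy() {
    this.plugins.forEach((plugin) => plugin.destroy());
    this.plugins = [];
  }
}

// A subclass of the host: the same plugin class works on it unchanged.
class StubTextArea extends StubField {}

class SmsPlugin {
  constructor({ perMessageLength = 160, defaultColor = '#000000', warningColor = '#ff0000' } = {}) {
    this.perMessageLength = perMessageLength;
    this.defaultColor = defaultColor;
    this.warningColor = warningColor;
    this.field = null;
    // Keep one function reference so destroy() can remove exactly this listener.
    this.onChange = (field, value) => this.handleChange(field, value);
  }
  init(field) {
    this.field = field;
    field.on(this.onChange);
  }
  handleChange(field, value) {
    const over = value.length > this.perMessageLength;
    field.style = 'color:' + (over ? this.warningColor : this.defaultColor);
    const messages = Math.ceil(value.length / this.perMessageLength);
    field.info = `Characters: ${value.length}, Messages: ${messages}`;
  }
  destroy() {
    if (this.field) {
      this.field.un(this.onChange);
      this.field = null;
    }
  }
}

// Attach the plugin to a field and to a subclass, then destroy one of them.
function demoSmsPluginLifecycle() {
  const field = new StubField({ plugins: [new SmsPlugin({ perMessageLength: 20 })] });
  const area = new StubTextArea({ plugins: [new SmsPlugin()] });
  field.setValue('x'.repeat(21)); // constructed sample input, one character over the limit
  area.setValue('hello');
  const before = {
    field: field.info, fieldStyle: field.style,
    area: area.info, areaStyle: area.style,
  };
  field.destroy();
  field.setValue('y'); // no plugin is listening any more, so info stays as it was
  return { before, afterDestroy: field.info, listenersLeft: field.changeListeners.size };
}
```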

Packt
30 Sep 2013
7 min read

Connecting to MongoHq API with RestKit

Let's take a base URL:

```objc
NSURL *baseURL = [NSURL URLWithString:@"http://example.com/v1/"];
```

Now:

```objc
[NSURL URLWithString:@"foo" relativeToURL:baseURL];                  // Will give us http://example.com/v1/foo
[NSURL URLWithString:@"foo?bar=baz" relativeToURL:baseURL];          // -> http://example.com/v1/foo?bar=baz
[NSURL URLWithString:@"/foo" relativeToURL:baseURL];                 // -> http://example.com/foo
[NSURL URLWithString:@"foo/" relativeToURL:baseURL];                 // -> http://example.com/v1/foo
[NSURL URLWithString:@"/foo/" relativeToURL:baseURL];                // -> http://example.com/foo/
[NSURL URLWithString:@"http://example2.com/" relativeToURL:baseURL]; // -> http://example2.com/
```

Now that we know what an object manager is, let's try to apply it in a real-life example. Before proceeding, it is highly recommended that we check the actual documentation of the MongoHQ REST API. The current one is at the following link: http://support.mongohq.com/mongohq-api/introduction.html

As there are no strict rules for REST APIs, every API is different and does a number of things in its own way. The MongoHQ API is no exception. In addition, it is currently in "beta" stage. Some of the non-standard things one can find in it are as follows:

  • The API key should be provided as a parameter with every request. There is an undocumented way to provide it in the headers, which is a more common approach.
  • Sometimes you get an error with the status code returned as 200 (OK), which is not according to REST standards; the normal way would be to return something in 4xx, which denotes a client error.
  • Sometimes, while the output of an error message is a JSON string, the HTTP response Content-type header is set to text/plain.

To use the API, one will need a valid API key. You can easily get one for free by following a simple guideline recommended by the MongoHQ team:

1. Sign up for an account at http://MongoHQ.com.
2. Once logged in, click on the My Account drop-down menu at the top-right corner and select Account Settings.
3. Look for the section labeled API Token. From there, take your token.

We will put the API key into the MongoHQ-API-Token HTTP header. The following screenshot shows where one can find the API token key:

API Token on Account Info page

So let's set up our configuration using the following steps. You can use the AppDelegate class for the code, although I recommend using a separate MongoHqApi class to keep the App and API logic separate.

First, let's set up our object manager with the following code:

```objc
- (void)setupObjectManager
{
    NSString *baseUrl = @"https://api.mongohq.com";
    AFHTTPClient *httpClient = [[AFHTTPClient alloc] initWithBaseURL:[NSURL URLWithString:baseUrl]];
    NSString *apiKey = @"MY_API_KEY";
    [httpClient setDefaultHeader:@"MongoHQ-API-Token" value:apiKey];

    RKObjectManager *manager = [[RKObjectManager alloc] initWithHTTPClient:httpClient];
    [RKMIMETypeSerialization registerClass:[RKNSJSONSerialization class] forMIMEType:@"text/plain"];
    [manager.HTTPClient registerHTTPOperationClass:[AFJSONRequestOperation class]];
    [manager setAcceptHeaderWithMIMEType:RKMIMETypeJSON];
    manager.requestSerializationMIMEType = RKMIMETypeJSON;
    [RKObjectManager setSharedManager:manager];
}
```

Let's look at the code line by line, starting with the base URL. Remember not to put a slash (/) at the end, otherwise you might have a problem with response mapping:

```objc
NSString *baseUrl = @"https://api.mongohq.com";
```

Initialize the HTTP client with baseUrl:

```objc
AFHTTPClient *httpClient = [[AFHTTPClient alloc] initWithBaseURL:[NSURL URLWithString:baseUrl]];
```

Set a few properties for our HTTP client, such as the API key in the header:

```objc
NSString *apiKey = @"MY_API_KEY";
[httpClient setDefaultHeader:@"MongoHQ-API-Token" value:apiKey];
```

For a real-world app, one can show an Enter Api Key view controller to the user, and use NSUserDefaults or a keychain to store and retrieve it. Of the two, the keychain is the appropriate store for a secret such as an API token, because NSUserDefaults writes its values unencrypted to a property list in the app's preferences.
Then initialize the RKObjectManager with our HTTP client:

```objc
RKObjectManager *manager = [[RKObjectManager alloc] initWithHTTPClient:httpClient];
```

MongoHQ APIs sometimes return errors as text/plain, so we explicitly register text/plain as a JSON content type in order to parse errors properly:

```objc
[RKMIMETypeSerialization registerClass:[RKNSJSONSerialization class] forMIMEType:@"text/plain"];
```

Register JSONRequestOperation to parse JSON in requests:

```objc
[manager.HTTPClient registerHTTPOperationClass:[AFJSONRequestOperation class]];
```

State that we accept the JSON content type:

```objc
[manager setAcceptHeaderWithMIMEType:RKMIMETypeJSON];
```

Configure the outgoing objects to be serialized into JSON:

```objc
manager.requestSerializationMIMEType = RKMIMETypeJSON;
```

Finally, set the shared instance of the object manager, so that we can easily reuse it later:

```objc
[RKObjectManager setSharedManager:manager];
```

Sending requests with object manager

Next, we want to query our databases. Let's first see what a databases request returns as JSON. To check this, go to http://api.mongohq.com/databases?_apikey=YOUR_API_KEY in your web browser, with YOUR_API_KEY replaced by your own API key. If a JSON-formatter extension (https://github.com/rfletcher/safari-json-formatter) is installed in your Safari browser, you will probably see the output shown in the following screenshot.
JSON response from API

As we can see, the JSON representation of one database is:

```json
[
  {
    "hostname": "sandbox.mongohq.com",
    "name": "Test",
    "plan": "Sandbox",
    "port": 10097,
    "shared": true
  }
]
```

Therefore, a possible MDatabase class could look like this:

```objc
@interface MDatabase : NSObject

@property (nonatomic, strong) NSString *name;
@property (nonatomic, strong) NSString *plan;
@property (nonatomic, strong) NSString *hostname;
@property (nonatomic, strong) NSNumber *port;

@end
```

We can also modify the @implementation section to override the description method, which will help us while debugging the application and printing the object:

```objc
// in @implementation MDatabase
- (NSString *)description
{
    return [NSString stringWithFormat:@"%@ on %@ @ %@:%@", self.name, self.plan, self.hostname, self.port];
}
```

Now let's set up a mapping for it:

```objc
- (void)setupDatabaseMappings
{
    RKObjectManager *manager = [RKObjectManager sharedManager];
    Class itemClass = [MDatabase class];
    NSString *itemsPath = @"/databases";

    RKObjectMapping *mapping = [RKObjectMapping mappingForClass:itemClass];
    [mapping addAttributeMappingsFromArray:@[@"name", @"plan", @"hostname", @"port"]];

    NSString *keyPath = nil;
    NSIndexSet *statusCodes = RKStatusCodeIndexSetForClass(RKStatusCodeClassSuccessful);

    RKResponseDescriptor *responseDescriptor =
        [RKResponseDescriptor responseDescriptorWithMapping:mapping
                                                     method:RKRequestMethodGET
                                                pathPattern:itemsPath
                                                    keyPath:keyPath
                                                statusCodes:statusCodes];
    [manager addResponseDescriptor:responseDescriptor];
}
```

Let's look at the mapping setup line by line. First, we define the class that we will map to:

```objc
Class itemClass = [MDatabase class];
```

And the endpoint we plan to request to get a list of objects:

```objc
NSString *itemsPath = @"/databases";
```

Then we create the RKObjectMapping mapping for our object class:

```objc
RKObjectMapping *mapping = [RKObjectMapping mappingForClass:itemClass];
```

If the names of the JSON fields and the class properties are the same, we can use the addAttributeMappingsFromArray method and provide the array of properties:

```objc
[mapping addAttributeMappingsFromArray:@[@"name", @"plan", @"hostname", @"port"]];
```

The root JSON key path in our case is nil, which means that there won't be one:

```objc
NSString *keyPath = nil;
```

The mapping will be triggered if the response status code is anything in 2xx:

```objc
NSIndexSet *statusCodes = RKStatusCodeIndexSetForClass(RKStatusCodeClassSuccessful);
```

Putting it all together in a response descriptor (for the GET request method):

```objc
RKResponseDescriptor *responseDescriptor =
    [RKResponseDescriptor responseDescriptorWithMapping:mapping
                                                 method:RKRequestMethodGET
                                            pathPattern:itemsPath
                                                keyPath:keyPath
                                            statusCodes:statusCodes];
```

Add the response descriptor to our shared manager:

```objc
RKObjectManager *manager = [RKObjectManager sharedManager];
[manager addResponseDescriptor:responseDescriptor];
```

Sometimes, depending on the architectural decision, it's nicer to put the mapping definition in the model object and later call it like [MDatabase mapping], but for the sake of simplicity we will keep the mapping together with the RestKit configuration.

The actual code that loads the database list will look like this:

```objc
RKObjectManager *manager = [RKObjectManager sharedManager];
[manager getObjectsAtPath:@"/databases"
               parameters:nil
                  success:^(RKObjectRequestOperation *operation, RKMappingResult *mappingResult) {
                      NSLog(@"Loaded databases: %@", [mappingResult array]);
                  }
                  failure:^(RKObjectRequestOperation *operation, NSError *error) {
                      NSLog(@"Error: %@", [error localizedDescription]);
                  }];
```

As you may have noticed, the method is quite simple to use, and it uses block-based APIs for callbacks, which greatly improves code readability compared to using delegates, especially if there is more than one network request in a class.
A possible implementation of a table view that loads and shows the list of databases will look like the following screenshot:

View of loaded Database items

Summary

In this article, we learned how to set up the RestKit library to work with our web service, and we talked about sending requests, getting responses, and how to do object manipulations. We also talked about simplifying the requests by introducing routing. In addition, we discussed how integration with the UI can be done, and created forms.
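
The base-URL resolution rules at the start of this article decide which host receives the MongoHQ-API-Token header, and the _apikey query parameter ends up wherever the URL is logged. The following added example is not from the original article: it is written in JavaScript with the standard URL class rather than NSURL, reproduces several of the article's resolution cases, refuses to attach the token when a path resolves to another origin, and redacts _apikey before logging. The function names resolveAgainstBase, buildApiRequest and redactApiKey are hypothetical.

```javascript
// Added illustration in JavaScript; the article's own code is Objective-C.
const SAMPLE_BASE = 'http://example.com/v1/'; // sample base URL used in the article

// Resolve a request path as a relative reference against the base URL.
function resolveAgainstBase(path, base = SAMPLE_BASE) {
  return new URL(path, base).href;
}

// Describe the request that would be sent, attaching the token header only
// when the resolved URL is still on the API's own origin.
function buildApiRequest(path, token, base) {
  const baseUrl = new URL(base);
  const url = new URL(path, baseUrl);
  if (url.origin !== baseUrl.origin) {
    // An absolute URL passed as the "path" replaces the base entirely.
    throw new Error('token not sent: ' + url.origin + ' is not ' + baseUrl.origin);
  }
  return {
    url: url.href,
    // A leading slash resolves from the host root and drops a prefix such as /v1/.
    leftBasePath: !url.pathname.startsWith(baseUrl.pathname),
    headers: { 'MongoHQ-API-Token': token, Accept: 'application/json' },
  };
}

// Mask the key before a URL is written to a log or shown in an error message.
function redactApiKey(urlString) {
  const url = new URL(urlString);
  if (url.searchParams.has('_apikey')) {
    url.searchParams.set('_apikey', 'REDACTED');
  }
  return url.href;
}
```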

Packt
30 Sep 2013
7 min read

Ninject Patterns and Anti-patterns

Dependencies can be injected into a consumer class using different patterns, and injecting them into a constructor is just one of them. While there are some patterns that can be followed for injecting dependencies, there are also some patterns that are better avoided, as they usually lead to undesirable results. In this article, we will examine only those patterns and antipatterns that are relevant to Ninject features.

Constructor Injection

Constructor Injection is the most common and recommended pattern for injecting dependencies into a class. Generally this pattern should always be used as the primary injection pattern unless we have to use another one. In this pattern, a list of all class dependencies is introduced in the constructor.

The question is what happens if the class has more than one constructor. Although Ninject's strategy for selecting a constructor is customizable, its default behavior is to select the constructor with the most parameters, provided all of them are resolvable by Ninject. So, although in the following code the second constructor introduces more parameters, Ninject will select the first one if it cannot resolve IService2, and it will even use the default constructor if IService1 is not registered either. But if both dependencies are registered and resolvable, Ninject will select the second constructor because it has more parameters:

```csharp
public class Consumer
{
    private readonly IService1 dependency1;
    private readonly IService2 dependency2;

    public Consumer(IService1 dependency1)
    {
        this.dependency1 = dependency1;
    }

    public Consumer(IService1 dependency1, IService2 dependency2)
    {
        this.dependency1 = dependency1;
        this.dependency2 = dependency2;
    }
}
```

If the preceding class had another constructor with two resolvable parameters, Ninject would throw an ActivationException notifying us that several constructors had the same priority.
There are two approaches to override this default behavior and explicitly select a constructor. The first approach is to indicate the desired constructor in a binding as follows:

```csharp
Bind<Consumer>().ToConstructor(arg => new Consumer(arg.Inject<IService1>()));
```

In the preceding example, we explicitly selected the first constructor. Using the Inject<T> method that the arg argument provides, we requested Ninject to resolve IService1 so that it can be injected into the specified constructor.

The second approach is to indicate the desired constructor using the [Inject] attribute:

```csharp
[Inject]
public Consumer(IService1 dependency1)
{
    this.dependency1 = dependency1;
}
```

In the preceding example, we applied Ninject's [Inject] attribute to the first constructor to explicitly specify that we need to initialize the class by injecting dependencies into this constructor, even though the second constructor has more parameters and the default strategy of Ninject would be to select the second one. Note that applying this attribute to more than one constructor will result in an ActivationException.

Ninject is highly customizable, and it is even possible to substitute the default [Inject] attribute with another one, so that we don't need to add a reference to the Ninject library from our consumer classes just because of an attribute:

```csharp
kernel.Settings.Set("InjectAttribute", typeof(MyAttribute));
```

Initializer methods and properties

Apart from constructor injection, Ninject supports the injection of dependencies using initializer methods and property setters. We can mark as many methods and properties as required with the [Inject] attribute to inject dependencies. Although the dependencies will be injected into them as soon as the class is constructed, it is not possible to predict the order in which they will receive their dependencies.
The following code shows how to specify a property for injection:

```csharp
[Inject]
public IService Service
{
    get { return dependency; }
    set { dependency = value; }
}
```

Here is an example of injecting dependencies using an injector method:

```csharp
[Inject]
public void Setup(IService dependency)
{
    this.dependency = dependency;
}
```

Note that only public members and constructors will be injected, and even internal members will be ignored unless Ninject is configured to inject nonpublic members.

In Constructor Injection, the constructor is a single point where we can consume all of the dependencies as soon as the class is activated. But when we use initializer methods, the dependencies are injected at multiple points in an unpredictable order, so we cannot decide in which method all of the dependencies will be ready to consume. To solve this problem, Ninject offers the IInitializable interface. This interface has an Initialize method, which is called once all of the dependencies have been injected:

```csharp
public class Consumer : IInitializable
{
    private IService1 dependency1;
    private IService2 dependency2;

    // Property types match the backing fields (IService1 / IService2)
    [Inject]
    public IService1 Service1
    {
        get { return dependency1; }
        set { dependency1 = value; }
    }

    [Inject]
    public IService2 Service2
    {
        get { return dependency2; }
        set { dependency2 = value; }
    }

    public void Initialize()
    {
        // Consume all dependencies here
    }
}
```

Although Ninject supports injection using properties and methods, Constructor Injection should be the preferred approach. First of all, Constructor Injection makes the class more reusable, because a list of all class dependencies is visible, whereas with an initializer property or method the user of the class has to inspect all of the class members or go through the class documentation (if any) to discover its dependencies.
Initialization of the class is also easier with Constructor Injection, because all the dependencies are injected at the same time and we can consume them in the same place where the constructor initializes the class. As we have seen in the preceding examples, the only case where the backing fields could be readonly was the Constructor Injection scenario. As readonly fields can be initialized only in the constructor, we need to make them writable to be able to use initializer methods and properties. This can lead to potential mutation of the backing fields.

Service Locator

Service Locator is a design pattern introduced by Martin Fowler, regarding which there have been some controversies. Although it can be useful in particular circumstances, it is generally considered an antipattern and should preferably be avoided. Ninject can easily be misused as a Service Locator if we are not familiar with this pattern. The following example demonstrates misusing the Ninject kernel as a Service Locator rather than as a DI container:

```csharp
public class Consumer
{
    public void Consume()
    {
        var kernel = new StandardKernel();
        var dependency1 = kernel.Get<IService1>();
        var dependency2 = kernel.Get<IService2>();
        // ...
    }
}
```

There are two significant downsides to the preceding code. The first one is that although we are using a DI container, we are not implementing DI at all. The class is tied to the Ninject kernel even though the kernel is not really a dependency of this class. This class and all of its prospective consumers will always have to drag along an unnecessary dependency on the kernel object and the Ninject library. The second is that the real dependencies of the class (IService1 and IService2) are invisible to its consumers, which reduces its reusability.
Even if we change the design of this class to the following one, the problems still exist:

```csharp
public class Consumer
{
    private readonly IKernel kernel;

    public Consumer(IKernel kernel)
    {
        this.kernel = kernel;
    }

    public void Consume()
    {
        var dependency1 = kernel.Get<IService1>();
        var dependency2 = kernel.Get<IService2>();
        // ...
    }
}
```

The preceding class still depends on the Ninject library although it doesn't have to, and its actual dependencies are still invisible to its consumers. It can easily be refactored using the Constructor Injection pattern:

```csharp
public Consumer(IService1 dependency1, IService2 dependency2)
{
    this.dependency1 = dependency1;
    this.dependency2 = dependency2;
}
```

Summary

In this article we studied the most common DI patterns and anti-patterns related to Ninject.

Packt
30 Sep 2013
23 min read

What is New in 12c

Oracle Database 12c has introduced many new features and enhancements for backup and recovery. This article will introduce you to some of them, and you will have the opportunity to learn in more detail how they could be used in real-life situations. But I cannot start talking about Oracle 12c without first talking about a revolutionary new concept introduced with this version of the database product: the Multitenant Container Database (CDB), which will contain two or more pluggable databases (PDBs). When a container database contains only one PDB, it is called a Single Tenant Container Database. You can also have your database on Oracle 12c using the same format as before 12c; it will be called a non-CDB database and will not allow the use of PDBs.

Pluggable database

We are now able to have multiple databases sharing a single instance and Oracle binaries. Each of the databases will be configurable to a degree and will allow some parameters to be set specifically for itself (because they will share the same initialization parameter file) and, what is better, each database will be completely isolated from the others without either knowing that the other exists.

A CDB is a single physical database that contains a root container with the main Oracle data dictionary and at least one PDB with specific application data. A PDB is a portable container with its own data dictionary, including metadata and internal links to the system-supplied objects in the root container, and this PDB will appear to an Oracle Net client as a traditional Oracle database. The CDB also contains a PDB called SEED, which is used as a template when an empty PDB needs to be created.
The following figure shows an example of a CDB with five PDBs:

When creating a database on Oracle 12c, you can now create a CDB with one or more PDBs, and what is even better is that you can easily clone a PDB, or unplug it and plug it into a different server with a preinstalled CDB, if your target server is running out of resources such as CPU or memory.

Many years ago, the introduction of external storage gave us the possibility to store data on external devices and the flexibility to plug and unplug them to any system independent of their OS. For example, you can connect an external device to a system using Windows XP and read your data without any problems. Later you can unplug it and connect it to a laptop running Windows 7 and you will still be able to read your data. Now with the introduction of Oracle pluggable databases, we will be able to do something similar with Oracle when upgrading a PDB, making this process simple and easy. All you will need to do to upgrade a PDB, for example, is:

1. Unplug your PDB (step 1 in the following figure) that is using a CDB running 12.1.0.1.
2. Copy the PDB to the destination location with a CDB that is using a later version such as 12.2.0.1 (step 2 in the following figure).
3. Plug the PDB into the CDB (step 3 in the following figure), and your PDB is now upgraded to 12.2.0.1.

This new concept is a great solution for database consolidation and is very useful for multitenant SaaS (Software as a Service) providers, improving resource utilization, manageability, integration, and service management.
Some key points about pluggable databases are:

  • You can have many PDBs if you want inside a single container (a CDB can contain a maximum of 253 PDBs)
  • A PDB is fully backwards compatible with an ordinary pre-12.1 database from an application's perspective, meaning that an application built, for example, to run on Oracle 11.1 will not need to be changed to run on Oracle 12c
  • A system administrator can connect to a CDB as a whole and see a single system image
  • If you are not ready to make use of this new concept, you can still create a database on Oracle 12c as before, called non-CDB (non-Container Database)
  • Each instance in RAC opens the CDB as a whole. A foreground session will see only the single PDB it is connected to and sees it just as a non-CDB
  • The Resource Manager is extended with some new between-PDB capabilities
  • Fully integrated with Oracle Enterprise Manager 12c and SQL Developer
  • Fast provisioning of new databases (empty or as a copy/clone of an existing PDB)
  • On Clone triggers can be used to scrub or mask data during a clone process
  • Fast unplug and plug between CDBs
  • Fast patch or upgrade by unplugging a PDB and plugging it into a different CDB already patched or with a later database version
  • Separation of duties between DBA and application administrators
  • Communication between PDBs is allowed via intra-CDB dblinks
  • Every PDB has a default service with its name in one Listener
  • An unplugged PDB carries its lineage, Opatch, encryption key info, and much more
  • All PDBs in a CDB should use the same character set
  • All PDBs share the same control files, SPFILE, redo log files, flashback log files, and undo
  • Flashback PDB is not available on 12.1; it is expected to be available with 12.2
  • Allows multitenancy of Oracle Databases, very useful for centralization, especially if using Exadata
  • Multitenant Container Database is only available for Oracle Enterprise Edition as a payable option; all other editions of the Oracle database can only deploy non-CDB or Single Tenant Pluggable databases

RMAN new features and enhancements

Now we can continue and take a fast and closer look at some of the new features and enhancements introduced in this database version for RMAN.

Container and pluggable database backup and restore

As we saw earlier, the introduction of Oracle 12c and the new pluggable database concept made it possible to easily centralize multiple databases, maintaining the individuality of each one while using a single instance. The introduction of this new concept also forced Oracle to introduce some enhancements to the existing BACKUP, RESTORE, and RECOVER commands to enable us to make an efficient backup or restore of the complete CDB. This includes all PDBs or just one or more PDBs, or if you want to be more specific, you can also back up or restore just one or more tablespaces from a PDB.

Some examples of how to use the RMAN commands when performing a backup on Oracle 12c are:

    RMAN> BACKUP DATABASE;                        # To back up the CDB + all PDBs
    RMAN> BACKUP DATABASE root;                   # To back up only the CDB
    RMAN> BACKUP PLUGGABLE DATABASE pdb1,pdb2;    # To back up all specified PDBs
    RMAN> BACKUP TABLESPACE pdb1:example;         # To back up a specific tablespace in a PDB

Some examples when performing RESTORE operations are:

    RMAN> RESTORE DATABASE;                       # To restore an entire CDB, including all PDBs
    RMAN> RESTORE DATABASE root;                  # To restore only the root container
    RMAN> RESTORE PLUGGABLE DATABASE pdb1;        # To restore a specific PDB
    RMAN> RESTORE TABLESPACE pdb1:example;        # To restore a tablespace in a PDB

Finally, some examples of RECOVERY operations are:

    RMAN> RECOVER DATABASE;                       # Root plus all PDBs
    RMAN> RUN {
            SET UNTIL SCN 1428;
            RESTORE DATABASE;
            RECOVER DATABASE;
            ALTER DATABASE OPEN RESETLOGS;
          }
    RMAN> RUN {
            RESTORE PLUGGABLE DATABASE pdb1 TO RESTORE POINT one;
            RECOVER PLUGGABLE DATABASE pdb1 TO RESTORE POINT one;
            ALTER PLUGGABLE DATABASE pdb1 OPEN RESETLOGS;
          }

Enterprise Manager Database Express

The Oracle Enterprise Manager Database Console or Database Control that many of us used to manage an entire database is now deprecated and replaced by the new Oracle Enterprise Manager Database Express. This new tool uses Flash technology and allows the DBA to easily manage the configurations, storage, security, and performance of a database. Note that RMAN, Data Pump, and the Oracle Enterprise Manager Cloud Control are now the only tools able to perform backup and recovery operations in a pluggable database environment; in other words, you cannot use the Enterprise Manager Database Express for database backup/recovery operations.

Backup privileges

Oracle Database 12c provides support for the separation of DBA duties by introducing task-specific, least-privileged administrative privileges for backups that do not require the SYSDBA privilege. The new system privilege introduced with this release is SYSBACKUP. Avoid the use of the SYSDBA privilege for backups unless it is strictly necessary.

When connecting to the database using the AS SYSDBA system privilege, you are able to see any object structure and all the data within the object, whereas if you are connecting using the new system privilege AS SYSBACKUP, you will still be able to see the structure of an object but not the object data. If you try to see any data using the SYSBACKUP privilege, the ORA-01031: insufficient privileges message will be raised.

Tighter security policies require a separation of duties. The new SYSBACKUP privilege facilitates the implementation of the separation of duties, allowing backup and recovery operations to be performed without implicit access to the data, so if access to the data is required for one specific user, it will need to be granted explicitly to this user.
RMAN has introduced some changes when connecting to a database, such as:

  • TARGET: It will require the user to have the SYSBACKUP administrative privilege to be able to connect to the TARGET database
  • CATALOG: In earlier versions, a user was required to have the RECOVERY_CATALOG_OWNER role assigned to be able to connect to the RMAN catalog; now the user will need to have the SYSBACKUP privilege assigned to be able to connect to the catalog
  • AUXILIARY: It will require the SYSBACKUP administrative privilege to connect to the AUXILIARY database

Some important points about the SYSBACKUP administrative privilege are:

  • It includes permissions for backup and recovery operations
  • It does not include data access privileges such as SELECT ANY TABLE that the SYSDBA privilege has
  • It can be granted to the SYSBACKUP user that is created during the database installation process
  • It's the default privilege when a RMAN connection string is issued and does not contain the AS SYSBACKUP clause:

    $ rman target /

Before connecting as the SYSBACKUP user created during the database creation process, you will need to unlock the account and grant the SYSBACKUP privilege to the user. When you use the GRANT command to give the SYSBACKUP privilege to a user, the username and privilege information will be automatically added to the database password file.

The v$pwfile_users view contains all information regarding users within the database password file and indicates whether a user has been granted any of the administrative system privileges. Let's take a closer look at this view:

    SQL> DESC v$pwfile_users
     Name                          Null?    Type
     ----------------------------- -------- -----------------
     USERNAME                               VARCHAR2(30)
     SYSDBA                                 VARCHAR2(5)
     SYSOPER                                VARCHAR2(5)
     SYSASM                                 VARCHAR2(5)
     SYSBACKUP                              VARCHAR2(5)
     SYSDG                                  VARCHAR2(5)
     SYSKM                                  VARCHAR2(5)
     CON_ID                                 NUMBER

As you can see, this view now contains some new columns, such as:

  • SYSBACKUP: It indicates if the user is able to connect using the SYSBACKUP privileges
  • SYSDG: It indicates if the user is able to connect using the SYSDG (new for Data Guard) privileges
  • SYSKM: It indicates if the user is able to connect using the SYSKM (new for Advanced Security) privileges
  • CON_ID: It is the ID of the current container. A value of 0 indicates that it is related to the entire CDB or to an entire traditional database (non-CDB); a value of 1 indicates that this user has access only to root; any other value identifies a specific container ID

To help you clearly understand the use of the SYSBACKUP privilege, let's run a few examples. Let's connect to our newly created database as SYSDBA and take a closer look at the SYSBACKUP privilege:

    $ sqlplus / as sysdba
    SQL> SET PAGES 999
    SQL> SET LINES 99
    SQL> COL USERNAME FORMAT A21
    SQL> COL ACCOUNT_STATUS FORMAT A20
    SQL> COL LAST_LOGIN FORMAT A41
    SQL> SELECT username, account_status, last_login
      2  FROM dba_users
      3  WHERE username = 'SYSBACKUP';

    USERNAME     ACCOUNT_STATUS       LAST_LOGIN
    ------------ -------------------- -----------------------
    SYSBACKUP    EXPIRED & LOCKED

As you can see, the SYSBACKUP account created during the database creation is currently EXPIRED & LOCKED. You will need to unlock this account and grant the SYSBACKUP privilege to it if you want to use this user for any backup and recovery purposes.

For this demo I will use the original SYSBACKUP account, but in a production environment never use the SYSBACKUP account; instead, grant the SYSBACKUP privilege to the user(s) that will be responsible for the backup and recovery operations.
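The production recommendation above, granting SYSBACKUP to a dedicated operator instead of using the built-in SYSBACKUP account, could look like the following. This is an added example, not part of the original article; the user BACKUP_OPERATOR, its placeholder password, and the table APP_OWNER.ORDERS are hypothetical, and a non-CDB database with a SYSDBA session in SQL*Plus is assumed.

```sql
-- Added example, not from the original article.
-- Assumptions: non-CDB Oracle 12c database, SQL*Plus session connected
-- AS SYSDBA, hypothetical account BACKUP_OPERATOR, hypothetical
-- application table APP_OWNER.ORDERS used only for the access check.

-- 1. Create a dedicated backup operator instead of unlocking SYSBACKUP.
--    The password is a placeholder; replace it before use.
CREATE USER backup_operator IDENTIFIED BY "Replace_Me_1";

-- 2. Grant only the backup administrative privilege. As the article notes,
--    the grant also adds the user to the database password file.
GRANT SYSBACKUP TO backup_operator;

-- 3. Audit who can connect with an administrative privilege and whether
--    the account is currently usable. Accounts that only run backups but
--    show SYSDBA = 'TRUE' are candidates for moving to SYSBACKUP.
SELECT p.username,
       p.sysdba,
       p.sysoper,
       p.sysbackup,
       u.account_status
FROM   v$pwfile_users p
       LEFT JOIN dba_users u ON u.username = p.username
ORDER  BY p.sysdba DESC, p.username;

-- 4. Check the separation of duties from the operator's side.
CONNECT backup_operator AS SYSBACKUP
SELECT COUNT(*) FROM app_owner.orders;
-- Per the article, reading object data under SYSBACKUP raises
-- ORA-01031: insufficient privileges.

-- 5. Remove the privilege when the operator changes role.
CONNECT / AS SYSDBA
REVOKE SYSBACKUP FROM backup_operator;
```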
    SQL> ALTER USER sysbackup IDENTIFIED BY "demo" ACCOUNT UNLOCK;

    User altered.

    SQL> GRANT sysbackup TO sysbackup;

    Grant succeeded.

    SQL> SELECT username, account_status
      2  FROM dba_users
      3  WHERE account_status NOT LIKE '%LOCKED';

    USERNAME              ACCOUNT_STATUS
    --------------------- --------------------
    SYS                   OPEN
    SYSTEM                OPEN
    SYSBACKUP             OPEN

We can also easily identify what system privileges and roles are assigned to SYSBACKUP by executing the following SQLs:

    SQL> COL grantee FORMAT A20
    SQL> SELECT *
      2  FROM dba_sys_privs
      3  WHERE grantee = 'SYSBACKUP';

    GRANTEE       PRIVILEGE                           ADM COM
    ------------- ----------------------------------- --- ---
    SYSBACKUP     ALTER SYSTEM                        NO  YES
    SYSBACKUP     AUDIT ANY                           NO  YES
    SYSBACKUP     SELECT ANY TRANSACTION              NO  YES
    SYSBACKUP     SELECT ANY DICTIONARY               NO  YES
    SYSBACKUP     RESUMABLE                           NO  YES
    SYSBACKUP     CREATE ANY DIRECTORY                NO  YES
    SYSBACKUP     UNLIMITED TABLESPACE                NO  YES
    SYSBACKUP     ALTER TABLESPACE                    NO  YES
    SYSBACKUP     ALTER SESSION                       NO  YES
    SYSBACKUP     ALTER DATABASE                      NO  YES
    SYSBACKUP     CREATE ANY TABLE                    NO  YES
    SYSBACKUP     DROP TABLESPACE                     NO  YES
    SYSBACKUP     CREATE ANY CLUSTER                  NO  YES

    13 rows selected.

    SQL> COL granted_role FORMAT A30
    SQL> SELECT *
      2  FROM dba_role_privs
      3  WHERE grantee = 'SYSBACKUP';

    GRANTEE        GRANTED_ROLE                   ADM DEF COM
    -------------- ------------------------------ --- --- ---
    SYSBACKUP      SELECT_CATALOG_ROLE            NO  YES YES

Here the column ADMIN_OPTION indicates whether or not the user has the ADMIN_OPTION privilege, the column DEFAULT_ROLE indicates whether or not the role is designated as a default role for the user, and the column COMMON indicates whether it is common to all the containers and pluggable databases available.

SQL and DESCRIBE

As you know well, you are able to execute SQL commands and PL/SQL procedures from the RMAN command line. Starting with Oracle 12.1, most SQL commands in RMAN do not require the use of the SQL prefix or quotes.
You can now run some simple SQL commands in RMAN such as:

    RMAN> SELECT TO_CHAR(sysdate,'dd/mm/yy - hh24:mi:ss')
    2> FROM dual;

    TO_CHAR(SYSDATE,'DD)
    -------------------
    17/09/12 - 02:58:40

    RMAN> DESC v$datafile
     Name                        Null?    Type
     --------------------------- -------- -------------------
     FILE#                                NUMBER
     CREATION_CHANGE#                     NUMBER
     CREATION_TIME                        DATE
     TS#                                  NUMBER
     RFILE#                               NUMBER
     STATUS                               VARCHAR2(7)
     ENABLED                              VARCHAR2(10)
     CHECKPOINT_CHANGE#                   NUMBER
     CHECKPOINT_TIME                      DATE
     UNRECOVERABLE_CHANGE#                NUMBER
     UNRECOVERABLE_TIME                   DATE
     LAST_CHANGE#                         NUMBER
     LAST_TIME                            DATE
     OFFLINE_CHANGE#                      NUMBER
     ONLINE_CHANGE#                       NUMBER
     ONLINE_TIME                          DATE
     BYTES                                NUMBER
     BLOCKS                               NUMBER
     CREATE_BYTES                         NUMBER
     BLOCK_SIZE                           NUMBER
     NAME                                 VARCHAR2(513)
     PLUGGED_IN                           NUMBER
     BLOCK1_OFFSET                        NUMBER
     AUX_NAME                             VARCHAR2(513)
     FIRST_NONLOGGED_SCN                  NUMBER
     FIRST_NONLOGGED_TIME                 DATE
     FOREIGN_DBID                         NUMBER
     FOREIGN_CREATION_CHANGE#             NUMBER
     FOREIGN_CREATION_TIME                DATE
     PLUGGED_READONLY                     VARCHAR2(3)
     PLUGIN_CHANGE#                       NUMBER
     PLUGIN_RESETLOGS_CHANGE#             NUMBER
     PLUGIN_RESETLOGS_TIME                DATE
     CON_ID                               NUMBER

    RMAN> ALTER TABLESPACE users
    2> ADD DATAFILE '/u01/app/oracle/oradata/cdb1/pdb1/user02.dbf' size 50M;

    Statement processed

Remember that the SYSBACKUP privilege does not grant access to the user tables or views, but the SYSDBA privilege does.

Multi-section backups for incremental backups

Oracle Database 11g introduced multi-section backups to allow us to back up and restore very large files using backup sets (remember that Oracle datafiles can be up to 128 TB in size). Now with Oracle Database 12c, we are able to make use of image copies when creating multi-section backups as a complement to the previous backup set functionality. This helps us to reduce image copy creation time for backups, transporting tablespaces, cloning, and doing a TSPITR (tablespace point-in-time recovery); it also improves backups when using Exadata.
The main restrictions to make use of this enhancement are:

  • The COMPATIBLE initialization parameter needs to be set to 12.0 or higher to make use of the new image copy multi-section backup feature
  • This is only available for datafiles and cannot be used to back up control or password files
  • It should not be used with a high degree of parallelism when a file resides on a small number of disks, to avoid processes competing with each other when accessing the same device

Another new feature introduced with multi-section backups is the ability to create multi-section backups for incremental backups. This will allow RMAN to back up only the data that has changed since the last backup, consequently enhancing the performance of multi-section backups because the sections are processed independently, either serially or in parallel.

Network-based recovery

Restoring and recovering files over the network is supported starting with Oracle Database 12c. We can now recover a standby database and synchronize it with its primary database via the network without the need to ship the archive log files. When the RECOVER command is executed, an incremental backup is created on the primary database. It is then transferred over the network to the physical standby database and applied to the standby database to synchronize it with the primary database. RMAN uses the SCN from the standby datafile header and creates the incremental backup starting from this SCN on the primary database; in other words, it brings only the information necessary for the synchronization process. If block change tracking is enabled for the primary database, it will be used while creating the incremental backup, making it faster.

A network-based recovery can also be used to replace any missing datafiles, control files, SPFILE, or tablespaces on the primary database, using the corresponding entity from the physical standby for the recovery operation.
You can also use multi-section backup sets, encryption, or even compression within a network-based recovery.

Active Duplicate

The Active Duplicate feature generates an online backup on the TARGET database and directly transmits it via an inter-instance network connection to the AUXILIARY database for duplication (not written to disk in the source server). Consequently, this reduces the impact on the TARGET database by offloading the data transfer operation to the AUXILIARY database, also reducing the duplication time.

This very useful feature has now received some important enhancements. In Oracle 11g, when this feature was initially introduced, it only allowed us to use a push process based on image copies. Now it allows us to make use of the already known push process or of the newly introduced pull process from the AUXILIARY database, which is based on backup sets (the pull process is now the new default and automatically copies across all datafiles, control files, SPFILE and archive log files). Then it performs the restore of all files and uses a memory script to complete the recovery operation and open the AUXILIARY database. RMAN will dynamically determine, based on your DUPLICATE clauses, which process will be used (push or pull). It is very possible that Oracle will end up deprecating the push process in future releases of the database.

You can now choose the compression, section size, and encryption to be used during the Active Duplication process. For example, if you specify the SET ENCRYPTION option before the DUPLICATE command, all the backups sent from the target to the auxiliary database will be encrypted. For an effective use of parallelism, allocate more AUXILIARY channels instead of TARGET channels as in the earlier releases.
Finally, another important new enhancement is the possibility to finish the duplication process with the AUXILIARY database in a not open state (the default is to open the AUXILIARY database after the duplication is completed). This option is very useful when you are required to:

  • Modify the block change tracking
  • Configure fast incremental backups or flashback database settings
  • Move the location of the database, for example, to ASM
  • Upgrade the AUXILIARY database (because the database must not be open with reset logs prior to applying the upgrade scripts)
  • Or when you know that the attempt to open the database would produce errors

To make it clearer, let's take a closer look at what operations RMAN will perform when a DUPLICATE command is used:

1. Create an SPFILE string for the AUXILIARY instance.
2. Mount the backup control file.
3. Restore the TARGET datafiles on the AUXILIARY database.
4. Perform incomplete recovery using all the available incremental backups and archived redo log files.
5. Shut down and restart the AUXILIARY instance in the NOMOUNT mode.
6. Create a new control file, and create and store the new database ID in the datafiles (this will not happen if the FOR STANDBY clause is in use).
7. Mount and open the duplicate database using the RESETLOGS option, and create the online redo log files by default. If the NOOPEN option is used, the duplicated database will not be opened with RESETLOGS and will remain in the MOUNT state.

Here are some examples of how to use the DUPLICATE command with PDBs:

    RMAN> DUPLICATE TARGET DATABASE TO <CDB1>;
    RMAN> DUPLICATE TARGET DATABASE TO <CDB1> PLUGGABLE DATABASE <PDB1>, <PDB2>, <PDB3>;

Support for the third-party snapshot

In the past, when using a third-party snapshot technology to make a backup or clone of a database, you were forced to change the database to the backup mode (BEGIN BACKUP) before executing the storage snapshot.
This requirement is no longer necessary if the following conditions are met:

  • The database is crash-consistent at the point of the snapshot
  • Write ordering is preserved for each file within the snapshot
  • The snapshot stores the time at which the snapshot is completed

If a storage vendor cannot guarantee compliance with these conditions, then you must place your database in backup mode before starting the snapshot.

The RECOVER command now has a newly introduced option called SNAPSHOT TIME that allows RMAN to recover a snapshot that was taken without being in backup mode to a consistent point-in-time. Some examples of how to use this new option are:

    RMAN> RECOVER DATABASE UNTIL TIME '10/12/2012 10:30:00' SNAPSHOT TIME '10/12/2012 10:00:00';
    RMAN> RECOVER DATABASE UNTIL CANCEL SNAPSHOT TIME '10/12/2012 10:00:00';

Only trust your backups after you ensure that they are usable for recovery. In other words, always test your backup methodology first, ensuring that it can be used in the future in case of a disaster.

Cross-platform data transport

Starting with Oracle 12c, data can be transported across platforms using backup sets, and you can also create cross-platform inconsistent tablespace backups (when the tablespace is not in the read-only mode) using image copies and backup sets. When using backup sets, you are able to make use of the compression and multi-section options, reducing downtime for the tablespace and the database platform migrations. RMAN does not catalog backup sets created for cross-platform transport in the control file, and always takes into consideration the endian format of the platforms and the database open mode.
Before creating a backup set that will be used for a cross-platform data transport, the following prerequisites should be met:

  • The compatible parameter in the SPFILE string should be 12.0 or greater
  • The source database must be open in read-only mode when transporting an entire database, because the SYS and SYSAUX tablespaces will participate in the transport process
  • If using Data Pump, the database must be open in read-write mode

You can easily check the current compatible value and open_mode of your database by running the following SQL commands:

    SQL> SHOW PARAMETER compatible

    NAME                   TYPE        VALUE
    ---------------------- ----------- ----------------------
    compatible             string      12.0.0.0.0

    SQL> SELECT open_mode FROM v$database;

    OPEN_MODE
    --------------------
    READ WRITE

When making use of the FOR TRANSPORT or the TO PLATFORM clauses in the BACKUP command, you cannot make use of the following clauses:

  • CUMULATIVE
  • forRecoveryOfSpec
  • INCREMENTAL LEVEL n
  • keepOption
  • notBackedUpSpec
  • PROXY
  • SECTION SIZE
  • TAG
  • VALIDATE

Table recovery

In previous versions of Oracle Database, the process to recover a table to a specific point-in-time was never easy. Oracle has now solved this major issue by introducing the possibility to do a point-in-time recovery of a table, group of tables or even table partitions without affecting the remaining database objects using RMAN. This makes the process easier and faster than ever before. Remember that Oracle has previously introduced features such as database point-in-time recovery (DBPITR), tablespace point-in-time recovery (TSPITR) and Flashback database; this is an evolution of the same technology and principles.
The recovery of tables and table partitions is useful in the following situations:

  • To recover a very small set of tables to a particular point-in-time
  • To recover a tablespace that is not self-contained to a particular point-in-time; remember that TSPITR can only be used if the tablespace is self-contained
  • To recover tables that are corrupted or dropped with the PURGE option, so that the FLASHBACK DROP functionality cannot be used
  • When logging for a Flashback table is enabled but the flashback target time or SCN is beyond the available undo
  • To recover data that was lost after a data definition language (DDL) operation that changed the structure of a table

To recover tables and table partitions from a RMAN backup, the TARGET database should meet the following prerequisites:

  • It is in READ/WRITE mode
  • It is in ARCHIVELOG mode
  • The COMPATIBLE parameter is set to 12.0 or higher

You cannot recover tables or table partitions from the SYS, SYSTEM and SYSAUX schemas, or even from a standby database.

Now let's take a closer look at the steps to do a table or table partitions recovery using RMAN:

1. First check if all the prerequisites to do a table recovery are met.
2. Start a RMAN session with the CONNECT TARGET command.
3. Use the RECOVER TABLE command with all the required clauses.
4. RMAN will determine which backup contains the data that needs to be recovered based on the point-in-time specified.
5. RMAN creates an AUXILIARY instance; you can also specify the location of the AUXILIARY instance files using the AUXILIARY DESTINATION or SET NEWNAME clause.
6. RMAN recovers the specified objects into the AUXILIARY instance.
7. RMAN creates a Data Pump export dump file that contains the objects.
8. RMAN imports the recovered objects from the dump file previously created into the TARGET database. If you want to manually import the objects to the TARGET database, you can make use of the NOTABLEIMPORT clause in the RECOVER command to achieve this goal.
RMAN optionally offers the possibility to rename the recovered objects in the TARGET database using the REMAP TABLE clause, or to import the recovered objects to a different tablespace using the REMAP TABLESPACE clause.

An example of how to use the new RECOVER TABLE command is:

    RMAN> RECOVER TABLE SCOTT.test
            UNTIL SEQUENCE 5481 THREAD 2
            AUXILIARY DESTINATION '/tmp/recover'
            REMAP TABLE SCOTT.test:my_test;

Packt
30 Sep 2013
5 min read

Getting Started with OMNeT++

What this book will cover

This book will show you how you can get OMNeT++ up and running on your Windows or Linux operating system. This book will then take you through the components that make up an OMNeT++ network simulation. The components include models written in the NED (Network Description) language, initialization files, C++ source files, arrays, queues, and then configuring and running a simulation. This book will show you how these components make up a simulation using different examples, which can all be found online. At the end of the book, I will be focusing on a method to debug your network simulation using a particular type of data visualization known as a sequence chart, and what the visualization means.

What is OMNeT++?

OMNeT++ stands for Objective Modular Network Testbed in C++. It's a component-based simulation library written in C++ designed to simulate communication networks. OMNeT++ is not a network simulator but a framework to allow you to create your own network simulations.

The need for simulation

Understanding the need for simulation is a big factor in deciding if this book is for you. Have a look at this comparison of a real network versus a simulated network:

  • A real network: The cost of all the hardware, servers, switches and so on has to be borne.
    A network simulation: The cost of a single standalone machine with OMNeT++ installed (which is free).
  • A real network: It takes a lot of time to set up big specialist networks used for business or academia.
    A network simulation: It takes time to learn how to create simulations, though once you know how it's done, it's much easier to create new ones.
  • A real network: Making changes to a pre-existing network takes planning, and if a change is made in error, it may cause the network to fail.
    A network simulation: Making changes to a simulated network of a real pre-existing network doesn't pose any risk. The outcome of the simulation can be analyzed to determine how the real network will be affected.
  • A real network: You get the real thing, so what you observe from the real network is actually happening.
    A network simulation: If there is a bug in the simulation software, it could cause the simulation to act incorrectly.

As you can see, there are benefits of using both real networks and network simulations when creating and testing your network. The point I want to convey, though, is that network simulations can make network design cheaper.

Examples of simulation in the industry

After looking into different industries, we can see that there is obviously a massive need for simulation where the aim is to solve real-world problems, from how a ticketing system should work in a hospital to what to do when a natural disaster strikes. Simulation allows us to forecast potential problems without having to first live through those problems. Different uses of simulation in the industry are as follows:

  • Manufacturing:
      • To show how labor management will work, such as worker efficiency, and how rotas and various other factors will affect production
      • To show what happens when a component fails on a production line
  • Crowd Management:
      • To show the length of queues at theme parks and how that will affect business
      • To show how people will get themselves seated at an event in a stadium
  • Airports:
      • To show the effects of flight delays on air-traffic control
      • To show how many bags can be processed at any one time on a baggage handling system, and what happens when it fails
  • Weather Forecasting:
      • To predict forthcoming weather
      • To predict the effect of climate change on the weather

That's just to outline a few, but hopefully you can see how and where simulation is useful.
Simulating your network will allow you to test the network against myriad network attacks, and test all the constraints of the network without damaging it in real life.

What you will learn

After reading this book you will know the following things:

  • How to get a free copy of OMNeT++
  • How to compile and install OMNeT++ on Windows and Linux
  • What makes up an OMNeT++ network simulation
  • How to create network topologies with NED
  • How to create your own network simulations using the OMNeT++ IDE
  • How to use pre-existing libraries in order to make robust and realistic network simulations without reinventing the wheel

Learning how to create and run network simulations is definitely a big goal of the book. Another goal of this book is to teach you how you can learn from the simulations you create. That's why this book will also show you how to set up your simulations, and to collect data of the events that occur during the runtime of the simulation. Once you have collected data from the simulation, you will learn how to debug your network by using the Data Visualization tools that come with OMNeT++. Then you will be able to grasp what you learned from debugging the simulated network and apply it to the actual network you would like to create.

Summary

You should now know that this book is intended for people who want to get network simulations up and running with OMNeT++ as soon as possible. You'll know by now, roughly, what OMNeT++ is, the need for simulation, and therefore OMNeT++. You'll also know what you can expect to learn from this book.
Packt
30 Sep 2013
6 min read

Hadoop and HDInsight in a Heartbeat

Apache Hadoop is the leading Big Data platform that allows you to process large datasets efficiently and at low cost. Other Big Data platforms are MongoDB, Cassandra, and CouchDB. This section describes Apache Hadoop core concepts and its ecosystem.

Core components

The following image shows core Hadoop components:

At the core, Hadoop has two key components:

• Hadoop Distributed File System (HDFS)
• Hadoop MapReduce (distributed computing for batch jobs)

For example, say we need to store a large file of 1 TB in size and we only have some commodity servers, each with limited storage. Hadoop Distributed File System can help here. We first install Hadoop, then we import the file, which gets split into several blocks that get distributed across all the nodes. Each block is replicated to ensure that there is redundancy. Now we are able to store and retrieve the 1 TB file.

Now that we are able to save the large file, the next obvious need would be to process this large file and get something useful out of it, like a summary report. To process such a large file would be difficult and/or slow if handled sequentially. Hadoop MapReduce was designed to address this exact problem statement and process data in parallel fashion across several machines in a fault-tolerant mode. MapReduce programming models use simple key-value pairs for computation.

One distinct feature of Hadoop in comparison to other cluster or grid solutions is that Hadoop relies on the "share nothing" architecture. This means when the MapReduce program runs, it will use the data local to the node, thereby reducing network I/O and improving performance. Another way to look at this is when running MapReduce, we bring the code to the location where the data resides. So the code moves and not the data.

HDFS and MapReduce together make a powerful combination, and are the reason why there is so much interest and momentum with the Hadoop project.
Hadoop cluster layout

Each Hadoop cluster has three special master nodes (also known as servers):

• NameNode: This is the master for the distributed filesystem and maintains the metadata. This metadata has the listing of all the files and the location of each block of a file, which are stored across the various slaves (worker bees). Without a NameNode, HDFS is not accessible.
• Secondary NameNode: This is an assistant to the NameNode. It communicates only with the NameNode to take snapshots of the HDFS metadata at intervals configured at cluster level.
• JobTracker: This is the master node for Hadoop MapReduce. It determines the execution plan of the MapReduce program, assigns it to various nodes, monitors all tasks, and ensures that the job is completed by automatically relaunching any task that fails.

All other nodes of the Hadoop cluster are slaves and perform the following two functions:

• DataNode: Each node will host several chunks of files known as blocks. It communicates with the NameNode.
• TaskTracker: Each node will also serve as a slave to the JobTracker by performing a portion of the map or reduce task, as decided by the JobTracker.

The following image shows a typical Apache Hadoop cluster:

The Hadoop ecosystem

As Hadoop's popularity has increased, several related projects have been created that simplify accessibility and manageability to Hadoop. I have organized them as per the stack, from top to bottom. The following image shows the Hadoop ecosystem:

Data access

The following software is typically used as access mechanisms for Hadoop:

• Hive: It is a data warehouse infrastructure that provides SQL-like access on HDFS. This is suitable for the ad hoc queries that abstract MapReduce.
• Pig: It is a scripting language such as Python that abstracts MapReduce and is useful for data scientists.
• Mahout: It is used to build machine learning and recommendation engines.
• MS Excel 2013: With HDInsight, you can connect Excel to HDFS via Hive queries to analyze your data.
Data processing

The following are the key programming tools available for processing data in Hadoop:

• MapReduce: This is the Hadoop core component that allows distributed computation across all the TaskTrackers
• Oozie: It enables creation of workflow jobs to orchestrate Hive, Pig, and MapReduce tasks

The Hadoop data store

The following are the common data stores in Hadoop:

• HBase: It is the distributed and scalable NoSQL (Not only SQL) database that provides a low-latency option that can handle unstructured data
• HDFS: It is a Hadoop core component, which is the foundational distributed filesystem

Management and integration

The following are the management and integration software:

• ZooKeeper: It is a high-performance coordination service for distributed applications to ensure high availability
• HCatalog: It provides abstraction and interoperability across various data processing software such as Pig, MapReduce, and Hive
• Flume: Flume is distributed and reliable software for collecting data from various sources for Hadoop
• Sqoop: It is designed for transferring data between HDFS and any RDBMS

Hadoop distributions

Apache Hadoop is open source software and is repackaged and distributed by vendors offering enterprise support. The following is the listing of popular distributions:

• Amazon Elastic MapReduce (cloud, http://aws.amazon.com/elasticmapreduce/)
• Cloudera (http://www.cloudera.com/content/cloudera/en/home.html)
• EMC Pivotal HD (http://gopivotal.com/)
• Hortonworks HDP (http://hortonworks.com/)
• MapR (http://mapr.com/)
• Microsoft HDInsight (cloud, http://www.windowsazure.com/)

HDInsight distribution differentiator

HDInsight is an enterprise-ready distribution of Hadoop that runs on Windows servers and on Azure HDInsight cloud service. It is 100 percent compatible with Apache Hadoop. HDInsight was developed in partnership with Hortonworks and Microsoft. Enterprises can now harness the power of Hadoop on Windows servers and Windows Azure cloud service.
The following are the key differentiators for HDInsight distribution:

• Enterprise-ready Hadoop: HDInsight is backed by Microsoft support, and runs on standard Windows servers. IT teams can leverage Hadoop with Platform as a Service (PaaS), reducing the operations overhead.
• Analytics using Excel: With Excel integration, your business users can leverage data in Hadoop and analyze it using PowerPivot.
• Integration with Active Directory: HDInsight makes Hadoop reliable and secure with its integration with Windows Active Directory services.
• Integration with .NET and JavaScript: .NET developers can leverage the integration, and write map and reduce code using their familiar tools.
• Connectors to RDBMS: HDInsight has ODBC drivers to integrate with SQL Server and other relational databases.
• Scale using cloud offering: Azure HDInsight service enables customers to scale quickly as per the project needs and have a seamless interface between HDFS and Azure storage vault.
• JavaScript console: It consists of an easy-to-use JavaScript console for configuring, running, and post processing of Hadoop MapReduce jobs.

Summary

In this article, we reviewed the Apache Hadoop components and the ecosystem of projects that provide a cost-effective way to deal with Big Data problems. We then looked at how Microsoft HDInsight makes the Apache Hadoop solution better by simplified management, integration, development, and reporting.

Resources for Article

Further resources on this subject:

• Making Big Data Work for Hadoop and Solr [Article]
• Understanding MapReduce [Article]
• Advanced Hadoop MapReduce Administration [Article]
Packt
27 Sep 2013
3 min read

Installing MAME4All (Intermediate)

Getting ready

You will need:

• A Raspberry Pi
• An SD card with the official Raspberry Pi OS, Raspbian, properly loaded
• A USB keyboard
• A USB mouse
• A 5V 1A power supply with Micro-USB connector
• A network connection
• A screen hooked up to your Raspberry Pi

How to do it...

Perform the following steps for installing MAME4All:

1. From the command line, enter startx to launch the desktop environment.
2. From the desktop, launch the Pi Store application by double-clicking on the Pi Store icon.
3. At the top-right of the application, there will be a Log In link. Click on this link and log in with your registered account.
4. Type MAME4All in the search bar, and press Enter.
5. Click on the MAME4All result. At the application's information page, click on the Download button on the right-hand side of the screen.
6. MAME4All will automatically download, and a window will appear showing the installation process. Press any button to close the window once it has finished installing.

MAME4All will look for your game files in the /usr/local/bin/indiecity/InstalledApps/MAME4ALL-pi/Full/roms directory.

Perform the following steps for running MAME4All from the Pi Store:

1. From the desktop, launch the Pi Store application by double-clicking on the Pi Store icon.
2. At the top-right of the application, there will be a Log In link. Click on the link and log in with your registered account.
3. Click on the My Library tab.
4. Click on MAME4All, and then click on Launch.

For running MAME4All from the command line, perform the following steps:

1. Type cd /usr/local/bin/indiecity/InstalledApps/mame4all_pi/Full and press Enter.
2. Type ./mame and press Enter for launching MAME4All.

How it works...

MAME4All is a Multi Arcade Machine Emulator that takes advantage of the Raspberry Pi's GPU to achieve very fast emulation of arcade machines. It is able to achieve this speed by compiling with DispManX, which offloads SDL code to the graphics core via OpenGL ES.
When you run MAME4All, it looks for any game files you have in the roms directory and displays them in a menu for you to select from. If it doesn't find any files, it exits after a few seconds.

The default keys for MAME4All-Pi are:

• 5 for inserting coins
• 1 for player 1 to start
• Arrow keys for player 1 joystick controls
• Ctrl, Alt, space bar, Z, X, and C for default action keys

You can modify the MAME4All configuration by editing the /usr/local/bin/indiecity/InstalledApps/mame4all_pi/Full/mame.cfg file.

There's more...

A few useful reference links:

• For information on the MAME project, go to http://mamedev.org/
• For information on the MAME4All project, go to http://code.google.com/p/mame4all-pi/

Summary

In this article we saw how to install, launch, and play with a specially created version of MAME for the Raspberry Pi from the Pi Store.

Resources for Article

Further resources on this subject:

• Creating a file server (Samba) [Article]
• Webcam and Video Wizardry [Article]
• Coding with Minecraft [Article]
Packt
27 Sep 2013
27 min read

Developing Your Mobile Learning Strategy

What is mobile learning?

There have been many attempts at defining mobile learning. Is it learning done on the move, such as on a laptop while we sit in a train? Or is it learning done on a personal mobile device, such as a smartphone or a tablet?

The capabilities of mobile devices

Anyone can develop mobile learning. You don't need to be a gadget geek or have the latest smartphone or tablet. You certainly don't need to know anything about the make and models of devices on the market. The only thing the learning practitioner really needs is an understanding of the capabilities of the mobile devices that your learners have. This will inform the types of mobile learning interventions that will be best suited to your audience.

The following table shows an overview of what a mobile learner might be able to do with each of the device types. The Device uses column on the left should already be setting off lots of great learning ideas in your head!

| Device uses | Feature phone | Smartphone | Tablet | Gaming device | Media player |
|---|---|---|---|---|---|
| Send texts | Yes | Yes | | | |
| Make calls | Yes | Yes | | | |
| Take photos | Yes | Yes | Yes | Yes | Yes |
| Listen to music | Yes | Yes | Yes | Yes | Yes |
| Social networking | Yes | Yes | Yes | Yes | Yes |
| Take high res photos | | Yes | Yes | Yes | Yes |
| Web searches | | Yes | Yes | Yes | Yes |
| Web browsing | | Yes | Yes | Yes | Yes |
| Watch online videos | | Yes | Yes | Yes | Yes |
| Video calls | | Yes | Yes | Yes | Yes |
| Edit photos | | Yes | Yes | Yes | Yes |
| Shoot videos | | Yes | Yes | | Yes |
| Take audio recordings | | Yes | Yes | | Yes |
| Install apps | | Yes | Yes | | Yes |
| Edit documents | | Yes | Yes | | Yes |
| Use maps | | Yes | Yes | | Yes |
| Send MMS | | Yes | Yes | | |
| View catch up TV | | | Yes | Yes | |
| Better quality web browsing | | | Yes | Yes | |
| Shopping online | | | Yes | | |
| Trip planning | | | Yes | | |

Bear in mind that screen size will also impact the type of learning activity that can be undertaken.
For example:

• Feature phone displays are very small, so learning activities for this device type should center on text messaging with a tutor or capturing photos for an assignment.
• Smartphones are significantly larger, so there is a much wider range of learning activities available, especially around the creation of material such as photo and video for assignment or portfolio purposes, and a certain amount of web searching and browsing.
• Tablets are more akin to the desktop computing environment, although some tasks such as typing are harder and taking photos is a bit clumsier due to the larger size of the device. They are great for short learning tasks, assessments, video watching, and much more.

Warning – it's not about delivering courses

Mobile learning can be many things. What it is not is simply the delivery of e-learning courses, which is traditionally the domain of the desktop computer, on a smaller device. Of course it can be used to deliver educational materials, but what is more important is that it can also be used to foster collaboration, to facilitate communication, to access performance support, and to capture evidence. But if you try to deliver an entire course purely on a mobile, then the likelihood is that no one will use it.

Your mobile learning strategy

Finding a starting point for your mobile learning design is easier said than done. It is often useful when designing any type of online interaction to think through a few typical user types and build up a picture of who they are and what they want to use the system for. This helps you to visualize who you are designing for. In addition to this, in order to understand how best to utilize mobile devices for learning, you also need to understand how people actually use their mobile devices. For example, learners are highly unlikely to sit at a smartphone and complete a 60-minute e-learning course or type out an essay.
But they are very likely to read an article, do some last-minute test preparation, or communicate with other learners.

Who are your learners?

Understanding your users is an important part of designing online experiences. You should take time to understand the types of learners within your own organization and what their mobile usage looks like, as a first step in delivering mobile learning on Moodle. With this in mind, let's look at a handful of typical mobile learners from around the world who could reasonably be expected to be using an educational or workplace learning platform such as Moodle:

• Maria is an office manager in Madrid, Spain. She doesn't leave home without her smartphone and uses it wherever she is, whether for e-mail, web searching and browsing, reading the news, or social networking. She lives in a country where smartphone penetration has reached almost half of the population, of whom two-thirds access the internet every day on their mobile. The company she works for has a small learning platform for delivery of work-based learning activities and performance support resources.
• Fourteen year old Jennifer attends school in Rio de Janeiro, Brazil. Like many of her peers, she carries a smartphone with her and it's a key part of her life. The Brazilian population is one of the most connected in the developing world with nearly half of the population using the Internet, and its mobile phone subscriptions accounting for one-third of the entire subscriptions across Latin America and the Caribbean. Her elementary school uses a learning platform for the delivery of course resources, formative assessments, and submission of student assignments.
• Nineteen year old Mike works as an apprentice at a large car maker in Sunderland, UK. He spends about one-third of his time in formal education, and his remaining days each week are spent on the production line, getting a thorough grounding in every element of the car manufacturing process. He owns a smartphone and uses it heavily, in a country where nearly half of the population accesses the Internet at least monthly on their smartphone. His employer has a learning platform for delivery of work-based learning and his college also has their own platform where he keeps a training diary and uploads evidence of skills acquisition for later submission and marking.
• Josh is a twenty year old university student in the United States. In his country, nearly 90 percent of adults now own a mobile phone and half of all adults use their phone to access the Internet, although in his age group this increases to three quarters. Among his student peers across the U.S., 40 percent are already doing test preparation on their mobiles, whether their institution provides the means or not. His university uses a learning platform for delivery of course resources, submission of student assignments, and student collaborative activities.

These four particular learners were not chosen at random; there is one important thing that connects them all. The four countries they are from represent not just important mobile markets but, according to the statistics page on Moodle.org, also represent the four largest Moodle territories, together making up over a third of all registered Moodle sites in the world. When you combine those Moodle market statistics with the level of mobile internet usage in each country, you can immediately see why support for mobile learning is so important for Moodle sites.

How do your learners use their devices?

In 2012, Google published the findings of a research survey which investigated how users behave across computer, tablet, smartphone, and TV screens. Their researchers found that users make decisions about what device to use for a given task depending on four elements that together make up the user's context: location, goal, available time, and attitude.
Each of these is important to take into account when thinking about what sort of learning interactions your users could engage in when using their mobile devices, and you should be aiming to offer a range of mobile learning interactions that can lend themselves to different contexts, for example, offering tasks ranging in length from 2 to 20 minutes, and tasks suited to different locations, such as home, work, college, or out in the field. The attitude element is an interesting one, and it's important to allow learners to choose tasks that are appropriate to their mood at the time.

Google also found that users either move between screens to perform a single task (sequential screening) or use multiple screens at the same time (simultaneous screening). In the case of simultaneous screening, they are likely to be performing complementary tasks relating to the same activity on each screen. From a learning point of view, you can design for multi-screen tasks. For example, you may find learners use their computer to perform some complex research and then collect evidence in the field using their smartphone; these would be sequential screening tasks. A media studies student could be watching a rolling news channel on the television while taking photos, video, and notes for an assignment on his tablet or smartphone; these would be simultaneous screening tasks. Understanding the different scenarios in which learners can use multiple screens will open up new opportunities for mobile learning.

A key statement from the Google research states that "Smartphones are the backbone of our daily media interactions". However, despite occupying such a dominant position in our lives, the smartphone also accounts for the lowest time per user interaction at an average of 17 minutes, as opposed to 30 minutes for tablet, 39 minutes for computer, and 43 minutes for TV.
This is an important point to bear in mind when designing mobile learning: as a rule of thumb you can expect a learner to engage with a tablet-based task for half an hour, and a smartphone-based task for just a quarter of an hour.

Google helpfully outlines some important multi-screen lessons. While these are aimed at identifying consumer behaviour and in particular online shopping habits, we can interpret them for use in mobile learning as follows:

• Understand how people consume digital media and tailor your learning strategies to each channel
• Learning goals should be adjusted to account for the inherent differences in each device
• Learners must be able to save their progress between devices
• Learners must be able to easily find the learning platform (Moodle) on each device
• Once in the learning platform, it must be easy for learners to find what they are looking for quickly
• Smartphones are the backbone of your learners' daily media use, so design your learning to be started on smartphone and continued on a tablet or desktop computer

Having an understanding of how modern-day learners use their different screens and devices will have a real impact on your learning design.

Mobile usage in your organization

In 2011, the world reached a technology watershed when it was estimated that one third of the world's seven billion people were online. The growth in online users is dominated by the developing world and is fuelled by mobile devices. There are now a staggering six billion mobile phone subscriptions globally. Mobile technology has quite simply become ubiquitous. And as Google showed us, people use mobile devices as the backbone of their daily media consumption, and most people already use them for school, college, or work regardless of whether they are allowed to.

In this section, we will look at how mobiles are used in some of the key sectors in which Moodle is used: in schools, further and higher education, and in the workplace.
Mobile usage in school

Moodle is widely used throughout primary and secondary education, and mobile usage among school pupils is widespread. The two are natural bedfellows in this sector. For example, in the UK half of all 12 to 15 year olds own a smartphone while 70 percent of 8 to 15 year olds have a games console such as a Nintendo DS or PlayStation in their bedroom. Mobile device use is quite simply rampant among school children.

Many primary schools now have policies which allow children to bring mobile phones into school, recognizing that such devices have a role to play in helping pupils feel safe and secure, particularly on the journey to and from school. However, it is a fairly normal practice among this age group for mobiles to be handed in at the start of the school day and collected at the end of the day. For primary pupils, therefore, the use of mobile devices for education will be largely for homework.

In secondary schools, the picture is very different. There is not likely to be a device hand-in policy during school hours and a variety of acceptable use policies will be in use. An acceptable use policy may include a provision for using mobiles in lesson time, with a teacher's agreement, for the purposes of supporting learning. This, of course, opens up valuable learning opportunities.

Mobile learning in education has been the subject of a number of initiatives and research studies which are all excellent sources of information. These include:

• Learning2Go, who were pioneers in mobile learning for schools in the UK, distributing hundreds of Windows Mobile devices to Wolverhampton schools between 2003 and 2007, introducing smartphones in 2008 under the Computers for Pupils initiative and the national MoLeNET scheme.
• Learning Untethered, which was not a formal research project but an exploration that gave Android tablets to a class of fifth graders. It was noted that the overall "feel" of the classroom shifted as students took a more active role in discovery, exploration and active learning.
• The Dudley Handhelds initiative, which provided 300 devices to learners in grade five to ten across six primary schools, one secondary special school, and one mainstream secondary school.

These are just a few of the many research studies available, and they are well worth a read to understand how schools have been implementing mobile learning for different age groups.

Mobile usage in further and higher education

College students are heavy users of mobiles, and there is a roughly half and half split between smartphones and feature phones among the student community. Of the smartphone users, over 80 percent use them for college-related tasks. As we saw from Google's research, smartphones are the backbone of your learners' daily media use for those who have them. So if you don't already provide mobile learning opportunities on your Moodle site, then it is likely that your users are already helping themselves to the vast array of mobile learning sites and apps that have sprung up in recent years to meet the high demand for such services. If you don't provide your students with mobile learning opportunities, you can bet your bottom dollar that someone else is, and it could be of dubious quality or out of date.

Despite the ubiquity of the mobile, many schools and colleges continue to ban them, viewing mobiles as a distraction or a means of bullying. They are fighting a rising tide, however. Students are living their lives through their mobile devices, and these devices have become their primary means of communication. A study in late 2012 of nearly 295,000 students found that despite e-mail, IM, and text messaging being the dominant peer-communication tools for students, less than half of 14 to 18 year olds and only a quarter of 11 to 14 year olds used them to communicate with their teachers.
Over half of high school students said they would use their smartphone to communicate with their teacher if it was allowed. Unfortunately it rarely is, but this will change. Students want to be able to communicate electronically with their teachers; they want online text articles with classmate collaboration tools; they want to go online on their mobile to get information. Go to where your students are and communicate with them in their native environment, which is via their mobile. Be there for them, engage them, and inspire them.

In the years approaching 2010, some higher education institutions started engaging in headline-grabbing "iPad for every student" initiatives. Many institutions adopted a quick-win strategy of making mobile-friendly websites with access to campus information, directories, news and events. It is estimated that in the USA over 90 percent of higher education institutions have mobile-friendly websites. Some of the headline-grabbing initiatives include the following:

• Seton Hill University was the first to roll out iPads to all full-time students in 2010 and has continued to do so every year since. They are at the forefront of mobile learning in the US University sector and use Moodle as their virtual learning environment (VLE).
• Abilene Christian University was the first university in the U.S. to provide iPhones or iPod Touches to all new full-time students in 2008, and is regarded as one of the most mobile-friendly campuses in the U.S.
• The University of Western Sydney in Australia will roll out 11,000 iPads to all faculty and newly-enrolled students in 2013, as well as creating their own mobile apps.
• Coventry University in the UK is creating a smart campus in which the geographical location of students triggers access to content and experiences through their mobile devices.
• MoLeNET in the UK was one of the world's largest mobile learning implementations, comprising 115 colleges, 29 schools, 50,000 students, and 4,000 staff from 2007 to 2010. This was a research-led initiative, although unfortunately the original website has now been taken down.

While some of these examples are about providing mobile devices to new students, the Bring Your Own Device (BYOD) trend is strong in further and higher education. We know that mobile devices form the backbone of students' media consumption and in the U.S. alone, 75 percent of students use their phone to access the Internet. Additionally, 40 percent have signed up to online test preparation sites on their mobiles, heavily suggesting that if an institution doesn't provide mobile learning services, students will go and get it elsewhere anyway.

Instead of the glamorous offer of iPads for all, some institutions have chosen to invest heavily in their wireless network infrastructure in support of a BYOD approach. This is a very heavy investment and can be far more expensive than a few thousand iPads. Some BYOD implementations include:

• King's College London in the UK, which supports 6,000 staff and 23,500 students
• The University of Tennessee at Knoxville in the U.S., which hosts more than 26,000 students and 5,000 faculty and staff members, with nearly 75,000 smartphones, tablets, and laptops
• The University of South Florida in the U.S., which supports 40,000 users
• São Paulo State University in Brazil, which has 45,000 students and noted that despite providing desktop machines in the computer labs, half of all students opted to use their own devices instead

There are many challenges to BYOD which are not within the scope of this article, but there are also many resources on how to implement a BYOD policy that minimizes such risks. Use the Internet to seek these out.

Providing campus information websites on mobiles obviously was not the key rationale behind such technology investments. The real interest is in delivering mobile learning, and this remains an area full of experimentation and research.
Google Scholar can be used to chart the rise of mobile learning research and it becomes evident how this really takes off in the second half of the decade, when the first major institutions started investing in mobile technology. It indexes scholarly literature, including journal and conference papers, theses and dissertations, academic articles, pre-prints, abstracts, and technical reports. A year-by-year search reveals the rise of mobile learning research from just over 100 articles in 2000 to over 6,000 in 2012. The following chart depicts the rise of mobile learning in academic research:

Mobile usage in apprenticeships

A typical apprenticeship will include a significant amount of college-based learning towards a qualification, alongside a major component based in the workplace under the supervision of an employer while the apprentice learns a particular trade. Due to the movement of the student from college to workplace, and the fact that the apprentice usually has to keep a reflective log and capture evidence of their skills acquisition, mobile devices can play a really useful role in apprenticeships.

Traditionally, the age group for apprenticeships is 16 to 24 year olds. This is an age group that has never known a world without mobiles and their mobile devices are integrated into the fabric of their daily lives and media consumption. They use social networks, SMS, and instant messaging rather than e-mail, and are more likely to use the mobile internet than any other age group. Statistics from the U.S. reveal that 75 percent of students use their phone to access the Internet.

Reflective logs are an important part of any apprenticeship. There are a number of activities in Moodle that can be used for keeping reflective logs, and these are ideal for mobile learning. Reflective log entries tend to be shorter than traditional assignments and lend themselves well to production on a tablet or even a smartphone.
Consumption of reflective logs is perfect for both smartphone and tablet devices, as posts tend to be readable in less than 5 minutes. Many institutions use Moodle coupled with an ePortfolio tool such as Mahara or Onefile to manage apprenticeship programs. There are additional Packt Publishing articles on ePortfolio tools such as Mahara, should you wish to investigate a third-party, open source ePortfolio solution.

Mobile usage in the workplace

BYOD in the workplace is also becoming increasingly common, and appears to be an unstoppable trend. It may also be discouraged or banned on security, data protection, or distraction grounds, but it is happening regardless. There is an increasing amount of research available on this topic, and some key findings from various studies reveal the scale of the trend:

  • A survey of 600 IT and business leaders revealed that 90 percent of survey respondents had employees using their own devices at work
  • 65 to 75 percent of companies allow some sort of BYOD usage
  • 80 to 90 percent of employees use a personal mobile device for business use

If you are a workplace learning practitioner then you need to sit up and take note of these numbers if you haven't done so already. Even if your organization doesn't officially have a BYOD policy, it is most likely that your employees are already using their own mobile devices for business purposes. It's up to your IT department to manage this safely, and again there are many resources and case studies available online to help with this. But as a learning practitioner, whether it's officially supported or not, it's worth asking yourself whether you should embrace it anyway, and provide learning activities to these users and their devices.

Mobile usage in distance learning

Online distance learning is principally used in higher education (HE), and many institutions have taken to it either as a new stream of revenue or as a way of building their brand globally.
Enrolments have rocketed over recent years; the number of U.S. students enrolled in an online course has increased from one to six million in a decade. Online enrolments have also been the greatest source of new enrolments in HE in that time, outperforming general student enrolment dramatically. Indeed, the year 2011 in the U.S. saw a 10 percent growth rate in distance learning enrolment against 2 percent in the overall HE student population. In the 2010 to 2011 academic years, online enrolments accounted for 31 percent of all U.S. HE enrolments.

Against this backdrop of phenomenal growth in HE distance learning courses, we also have a new trend of Massive Online Open Courses (MOOCs), which aim to extend enrolment past traditional student populations to the vast numbers of potential students for whom a formal HE program of study may not be an option.

The convenience and flexibility of distance learning appeal to certain groups of the population. Distance learners are likely to be older students, with those over 30 years of age being the dominant age group. They are also more likely to be in full-time employment and taking the course to help advance their careers, and are highly likely to be married and juggling home and family commitments with their jobs and coursework.

We know that among the 30 to 40 age group mobile device use is very high, particularly among working professionals, who are a major proportion of HE distance learners. However, the MOOC audience is of real interest here as this audience is much more diverse. As many MOOC users find traditional HE programs out of their reach, many of these will be in developing countries, where we already know that users are leapfrogging desktop computing and going straight to mobile devices and wireless connectivity. For these types of courses, mobile support is absolutely crucial.
A wide variety of tools exist to support online distance learning, and these are split between synchronous and asynchronous tools, although typically a blend of the two is used. In synchronous learning, all participants are present at the same time. Courses will therefore be organized to a timetable, and will involve tools such as webinars, video conferences, and real-time chat. In asynchronous learning, courses are self-directed and students work to their own schedules, and tools include e-mail, discussion forums, audio recording, video recordings, and printed material.

Connecting distance learning from traditional institutions to MOOCs is a recognized need to improve course quality and design, faculty training, course assessment, and student retention. There are known barriers, including motivation, feedback, teacher contact, and student isolation. These are major challenges to the effectiveness of distance learning, and later in this article we will demonstrate how mobile devices can be used to address some of these areas.

Case studies

The following case studies illustrate two approaches to how an HE institution and a distance learning institution have adopted Moodle to deliver mobile learning. Both institutions were very early movers in making Moodle mobile-friendly, and can be seen as torch bearers for the rest of us. Fortunately, both institutions have also been influential in the approach that Moodle HQ have taken to mobile compatibility, so in using the new mobile features in recent versions of Moodle, we are all able to take advantage of the substantial amount of work that went into these two sites.

University of Sussex

The University of Sussex is a research-led HE institution on the south coast of England. They use a customized Moodle 1.9 installation called Study Direct, which plays host to 1,500 editing tutors and 15,000 students across 2,100 courses per year, and receives 13,500 unique hits per day.
The e-learning team at the University of Sussex contains five staff (one manager, two developers, one user support, and one tutor support) whose remit covers a much wider range of learning technologies beyond the VLE. However, the team has achieved a great deal with limited resources. It has been working towards a responsive design for some years and has helped to influence the direction of Moodle with regard to designing for mobile devices and usability, through speaking at UK Moodle and HE conferences and providing passionate inputs into debates on the Moodle forums on the subject of interface design. Further to this, team member Stuart Lamour is one of the three original developers of the Bootstrap theme for Moodle, which is used throughout this article.

The Study Direct site shows what is possible in Moodle, given the time and resources for its development and a focus on user-centered design. The approach has been to avoid going down the native application route for mobile access like many institutions have done, and to instead focus on a responsive, browser-based user experience.

The login page is simple and clean. One of the nice things that the University of Sussex has done is to think through the user interactions on its site and clearly identify calls to action, typically with a green button, as shown by the sign in button on the login page in the following screenshot:

The team has built its own responsive theme for Moodle. While the team has taken a leading role on development of the Moodle 2 Bootstrap theme, the University of Sussex site is still on Moodle 1.9, so this implementation uses its own custom theme. This theme is fully responsive and looks good when viewed on a tablet or a smartphone, reordering screen elements as necessary for each screen resolution. The course page, shown in the following screenshot, is similarly clear and uncluttered.
The editing interface has been customized quite heavily to give tutors a clear and easy way to edit their courses without running the risk of messing up the user interface. The team maintains a useful and informative blog explaining what they have done to improve the user experience, which is well worth a read.

Open University

The Open University (OU) in the UK runs one of the largest Moodle sites in the world. It is currently using Moodle 2 for the OU's main VLE as well as for its OpenLearn and Qualifications online platforms. Its Moodle implementation regularly sees days with well over one million transactions and over 60,000 unique users, and has seen peak times of 5,000 simultaneous online users.

The OU's focus on mobile Moodle goes back to about 2010, so it was an early mover in this area. This means that the OU did not have the benefit of all the mobile-friendly features that now come with Moodle, but had to largely create its own mobile interface from scratch.

Anthony Forth gave a presentation at the UK Moodle Moot in 2011 on the OU's approach to mobile interface design for Moodle. He identified that at the time the Open University migrated to Moodle 2 in 2011 it had over 13,000 mobile users per month. The OU chose to survey a group of 558 of these users in detail to investigate their needs more closely. It transpired that the most popular uses of Moodle on mobile devices were for forums, news, resources, and study planners, while areas such as wikis and blogs were very low down the list of users' priorities. So the OU's mobile design focused on these particular areas as well as looking at usability in general.

The preceding screenshot shows the OU course page with tabbed access to the popular areas such as Planner, News, Forums, and Resources, and then the main content area providing space for latest news, unread forum posts, and activities taking place this week.
The site uses a nice, clean, and easy to understand user interface in which a lot of thought has gone into the needs of the student.

Summary

In this article, we have provided you with a vision of how mobile learning could be put to use on your own organization's Moodle platform. We gave you an understanding of some of the foundation concepts of mobile learning, some insights into how important mobile learning is becoming, and how it is gaining momentum in different sectors.

Your learners are already using mobile devices, whether in educational institutions or in the workplace, and they use mobile devices as the backbone of their daily online interactions. They also want to use them for learning. Hopefully, we have started you off on a mobile learning path that will allow you to make this happen.

Mobile devices are where the future of Moodle is going to be played out, so it makes complete sense to be designing for mobile access right now. Fortunately, Moodle already provides the means for this to happen and provides tools that allow you to set it up for mobile delivery.

Packt
27 Sep 2013
35 min read

Penetration Testing and Setup

Penetration Testing goes beyond an assessment by evaluating identified vulnerabilities to verify if the vulnerability is real or a false positive. For example, an audit or an assessment may utilize scanning tools that provide a few hundred possible vulnerabilities on multiple systems. A Penetration Test would attempt to attack those vulnerabilities in the same manner as a malicious hacker to verify which vulnerabilities are genuine, reducing the real list of system vulnerabilities to a handful of security weaknesses. The most effective Penetration Tests are the ones that target a very specific system with a very specific goal. Quality over quantity is the true test of a successful Penetration Test. Enumerating a single system during a targeted attack reveals more about system security and response time to handle incidents than a wide-spectrum attack. By carefully choosing valuable targets, a Penetration Tester can determine the entire security infrastructure and associated risk for a valuable asset.

This is a common misinterpretation and should be clearly explained to all potential customers. Penetration Testing evaluates the effectiveness of existing security. If a customer does not have strong security then they will receive little value from Penetration Testing services. As a consultant, it is recommended that Penetration Testing services are offered as a means to verify security for existing systems once a customer believes they have exhausted all efforts to secure those systems and are ready to evaluate if there are any existing gaps in securing those systems.

Positioning a proper scope of work is critical when selling Penetration Testing services. The scope of work defines what systems and applications are being targeted as well as what toolsets may be used to compromise vulnerabilities that are found.
Best practice is working with your customer during a design session to develop an acceptable scope of work that doesn't impact the value of the results.

Web Penetration Testing with Kali Linux, the next generation of BackTrack, is a hands-on guide that will provide you step-by-step methods for finding vulnerabilities and exploiting web applications. This article will cover researching targets, identifying and exploiting vulnerabilities in web applications as well as clients using web application services, defending web applications against common attacks, and building Penetration Testing deliverables for professional services practice. We believe this article is great for anyone who is interested in learning how to become a Penetration Tester, users who are new to Kali Linux and want to learn the features and differences in Kali versus BackTrack, and seasoned Penetration Testers who may need a refresher or reference on new tools and techniques.

This article will break down the fundamental concepts behind various security services as well as guidelines for building a professional Penetration Testing practice. Concepts include differentiating a Penetration Test from other services, methodology overview, and targeting web applications. This article also provides a brief overview of setting up a Kali Linux testing or real environment.

Web application Penetration Testing concepts

A web application is any application that uses a web browser as a client. This can be a simple message board or a very complex spreadsheet. Web applications are popular based on ease of access to services and centralized management of a system used by multiple parties. Requirements for accessing a web application can follow industry web browser client standards, simplifying expectations from both the service providers as well as the hosts accessing the application. Web applications are the most widely used type of applications within any organization.
They are the standard for most Internet-based applications. If you look at smartphones and tablets, you will find that most applications on these devices are also web applications. This has created a new and large target-rich surface for security professionals as well as attackers exploiting those systems.

Penetration Testing web applications can vary in scope since there is a vast number of system types and business use cases for web application services. The core web application tiers, which are hosting servers, accessing devices, and data depository, should be tested along with communication between the tiers during a web application Penetration Testing exercise.

An example for developing a scope for a web application Penetration Test is testing a Linux server hosting applications for mobile devices. The scope of work at a minimum should include evaluating the Linux server (operating system, network configuration, and so on), applications hosted from the server, how systems and users authenticate, client devices accessing the server, and communication between all three tiers. Additional areas of evaluation that could be included in the scope of work are how devices are obtained by employees, how devices are used outside of accessing the application, the surrounding network(s), maintenance of the systems, and the users of the systems. Some examples of why these other areas of scope matter are having the Linux server compromised by permitting connection from a mobile device infected by other means, or obtaining an authorized mobile device through social media to capture confidential information.

Some deliverable examples in this article offer checkbox surveys that can assist with walking a customer through possible targets for a web application Penetration Testing scope of work. Every scope of work should be customized around your customer's business objectives, expected timeframe of performance, allocated funds, and desired outcome.
As stated before, templates serve as tools to enhance a design session for developing a scope of work.

Penetration Testing methodology

There are logical steps recommended for performing a Penetration Test. The first step is identifying the project's starting status. The most common terminology defining the starting state is Black box testing, White box testing, or a blend between White and Black box testing known as Gray box testing.

Black box assumes the Penetration Tester has no prior knowledge of the target network, company processes, or services it provides. Starting a Black box project requires a lot of reconnaissance and, typically, is a longer engagement based on the concept that real-world attackers can spend long durations of time studying targets before launching attacks.

As security professionals, we find Black box testing presents some problems when scoping a Penetration Test. Depending on the system and your familiarity with the environment, it can be difficult to estimate how long the reconnaissance phase will last. This usually presents a billing problem. Customers, in most cases, are not willing to write a blank cheque for you to spend unlimited time and resources on the reconnaissance phase; however, if you do not spend the time needed then your Penetration Test is over before it began. It is also unrealistic because a motivated attacker will not necessarily have the same scoping and billing restrictions as a professional Penetration Tester. That is why we recommend Gray box over Black box testing.

White box is when a Penetration Tester has intimate knowledge about the system. The goals of the Penetration Test are clearly defined and the outcome of the report from the test is usually expected. The tester has been provided with details on the target such as network information, type of systems, company processes, and services.
White box testing typically is focused on a particular business objective, such as meeting a compliance need, rather than generic assessment, and could be a shorter engagement depending on how the target space is limited. White box assignments could reduce information gathering efforts, such as reconnaissance services, equaling less cost for Penetration Testing services.

Gray box testing falls in between Black and White box testing. It is when the client or system owner agrees that some unknown information will eventually be discovered during a Reconnaissance phase, but allows the Penetration Tester to skip this part. The Penetration Tester is provided some basic details of the target; however, internal workings and some other privileged information are still kept from the Penetration Tester.

Real attackers tend to have some information about a target prior to engaging the target. Most attackers (with the exception of script kiddies or individuals downloading tools and running them) do not choose random targets. They are motivated and have usually interacted in some way with their target before attempting an attack. Gray box is an attractive approach for many security professionals conducting Penetration Tests because it mimics real-world approaches used by attackers and focuses on vulnerabilities rather than reconnaissance.

The scope of work defines how penetration services will be started and executed. Kicking off a Penetration Testing service engagement should include an information gathering session used to document the target environment and define the boundaries of the assignment to avoid unnecessary reconnaissance services or attacking systems that are out of scope. A well-defined scope of work will save a service provider from scope creep (defined as uncontrolled changes or continuous growth in a project's scope), keep the work within the expected timeframe, and help provide a more accurate deliverable upon concluding services.
Real attackers do not have boundaries such as time, funding, ethics, or tools, meaning that limiting a Penetration Testing scope may not represent a real-world scenario. In contrast to a limited scope, having an unlimited scope may never evaluate critical vulnerabilities if a Penetration Test is concluded prior to attacking desired systems. For example, a Penetration Tester may capture user credentials to critical systems and conclude with accessing those systems without testing how vulnerable those systems are to network-based attacks. It's also important to include who is aware of the Penetration Test as a part of the scope. Real attackers may strike at any time and probably when people are least expecting it.

Some fundamentals for developing a scope of work for a Penetration Test are as follows:

  • Definition of Target System(s): This specifies what systems should be tested. This includes the location on the network, types of systems, and business use of those systems.
  • Timeframe of Work Performed: When the testing should start and what timeframe is provided to meet specified goals. Best practice is NOT to limit the time scope to business hours.
  • How Targets Are Evaluated: What types of testing methods, such as scanning or exploitation, are and are not permitted? What is the risk associated with permitted specific testing methods? What is the impact of targets that become inoperable due to penetration attempts? Examples are using social networking by pretending to be an employee, a denial of service attack on key systems, or executing scripts on vulnerable servers. Some attack methods may pose a higher risk of damaging systems than others.
  • Tools and software: What tools and software are used during the Penetration Test? This is important and a little controversial. Many security professionals believe if they disclose their tools they will be giving away their secret sauce. We believe this is only the case when security professionals use widely available commercial products and are simply rebranding canned reports from these products. Seasoned security professionals will disclose the tools being used and, in some cases when vulnerabilities are exploited, documentation on the commands used within the tools to exploit a vulnerability. This makes the exploit re-creatable, and allows the client to truly understand how the system was compromised and the difficulty associated with the exploit.
  • Notified Parties: Who is aware of the Penetration Test? Are they briefed beforehand and able to prepare? Is reaction to penetration efforts part of the scope being tested? If so, it may make sense not to inform the security operations team prior to the Penetration Test. This is very important when looking at web applications that may be hosted by another party, such as a cloud service provider, that could be impacted by your services.
  • Initial Access Level: What type of information and access is provided prior to kicking off the Penetration Test? Does the Penetration Tester have access to the server via Internet and/or Intranet? What type of initial account level access is granted? Is this a Black, White, or Gray box assignment for each target?
  • Definition of Target Space: This defines the specific business functions included in the Penetration Test. For example, conducting a Penetration Test on a specific web application used by sales while not touching a different application hosted from the same server.
  • Identification of Critical Operation Areas: Define systems that should not be touched to avoid a negative impact from the Penetration Testing services. Is the active authentication server off limits? It's important to make critical assets clear prior to engaging a target.
  • Definition of the Flag: It is important to define how far a Penetration Test should compromise a system or a process. Should data be removed from the network or should the attacker just obtain a specific level of unauthorized access?
  • Deliverable: What type of final report is expected? What goals does the client specify to be accomplished upon closing a Penetration Testing service agreement? Make sure the goals are not open-ended to avoid scope creep of expected service. Is any of the data classified or designated for a specific group of people? How should the final report be delivered? It is important to deliver a sample report or periodic updates so that there are no surprises in the final report.
  • Remediation expectations: Are vulnerabilities expected to be documented with possible remediation action items? Who should be notified if a system is rendered unusable during a Penetration Testing exercise? What happens if sensitive data is discovered? Most Penetration Testing services do NOT include remediation of problems found.

Some service definitions that should be used to define the scope of services are:

  • Security Audit: Evaluating a system or an application's risk level against a set of standards or baselines. Standards are mandatory rules while baselines are the minimal acceptable level of security. Standards and baselines achieve consistency in security implementations and can be specific to industries, technologies, and processes. Most requests for security services for audits are focused on passing an official audit (for example, preparing for a corporate or a government audit) or proving the baseline requirements are met for a mandatory set of regulations (for example, following the HIPAA and HITECH mandates for protecting healthcare records). It is important to inform potential customers if your audit services include any level of insurance or protection if an audit isn't successful after your services.
It's also critical to document the type of remediation included with audit services (that is, whether you would identify a problem, offer a remediation action plan, or fix the problem). Auditing for compliance is much more than running a security tool. It relies heavily on the standard types of reporting and following a methodology that is an accepted standard for the audit. In many cases, security audits give customers a false sense of security depending on what standards or baselines are being audited. Most standards and baselines have a long update process that is unable to keep up with the rapid changes in threats found in today's cyber world. It is HIGHLY recommended to offer security services beyond standards and baselines to raise the level of security to an acceptable level of protection for real-world threats. Services should include following up with customers to assist with remediation along with raising the bar for security beyond any industry standards and baselines.

  • Vulnerability Assessment: This is the process in which network devices, operating systems, and application software are scanned in order to identify the presence of known and unknown vulnerabilities. A vulnerability is a gap, error, or weakness in how a system is designed, used, and protected. When a vulnerability is exploited, it can result in giving unauthorized access, escalation of privileges, denial-of-service to the asset, or other outcomes. Vulnerability Assessments typically stop once a vulnerability is found, meaning that the Penetration Tester doesn't execute an attack against the vulnerability to verify if it's genuine. A Vulnerability Assessment deliverable provides potential risk associated with all the vulnerabilities found with possible remediation steps. There are many solutions such as Kali Linux that can be used to scan for vulnerabilities based on system/server type, operating system, ports open for communication, and other means.
Vulnerability Assessments can be White, Gray, or Black box depending on the nature of the assignment. Vulnerability scans are only useful if they calculate risk. The downside of many security audits is vulnerability scan results that make security audits thicker without providing any real value. Many vulnerability scanners have false positives or identify vulnerabilities that are not really there. They do this because they incorrectly identify the OS or are looking for specific patches to fix vulnerabilities but not looking at rollup patches (patches that contain multiple smaller patches) or software revisions. Assigning risk to vulnerabilities gives a true definition and sense of how vulnerable a system is. In many cases, this means that vulnerability reports by automated tools will need to be checked.

Customers will want to know the risk associated with a vulnerability and the expected cost to reduce any risk found. To provide the value of cost, it's important to understand how to calculate risk.

Calculating risk

It is important to understand how to calculate risk associated with vulnerabilities found, so that a decision can be made on how to react. Most customers look to the CISSP triangle of CIA when determining the impact of risk. CIA is the confidentiality, integrity, and availability of a particular system or application. When determining the impact of risk, customers must look at each component individually as well as the vulnerability in its entirety to gain a true perspective of the risk and determine the likelihood of impact.

It is up to the customer to decide if the risk associated with a vulnerability found justifies or outweighs the cost of controls required to reduce the risk to an acceptable level. A customer may not be able to spend a million dollars on remediating a threat that compromises guest printers; however, they will be very willing to spend twice as much on protecting systems with the company's confidential data.
The Certified Information Systems Security Professional (CISSP) curriculum lists formulas for calculating risk as follows.

A Single Loss Expectancy (SLE) is the cost of a single loss to an Asset Value (AV). Exposure Factor (EF) is the impact the loss of the asset will have to an organization, such as loss of revenue due to an Internet-facing server shutting down. Customers should calculate the SLE of an asset when evaluating security investments to help identify the level of funding that should be assigned for controls. If an SLE would cause a million dollars of damage to the company, it would make sense to consider that in the budget.

The Single Loss Expectancy formula:

SLE = AV * EF

The next important formula is identifying how often the SLE could occur. If an SLE worth a million dollars could happen once in a million years, such as a meteor falling out of the sky, it may not be worth investing millions in a protection dome around your headquarters. In contrast, if a fire could cause a million dollars worth of damage and is expected every couple of years, it would be wise to invest in a fire prevention system. The number of times an asset is lost is called the Annual Rate of Occurrence (ARO).

The Annualized Loss Expectancy (ALE) is an expression of annual anticipated loss due to risk. For example, a meteor falling has a very low annualized expectancy (once in a million years), while a fire is a lot more likely and should be calculated in future investments for protecting a building.

Annualized Loss Expectancy formula:

ALE = SLE * ARO

The final and important question to answer is the risk associated with an asset, used to figure out the investment for controls. This can determine if and how much the customer should invest into remediating a vulnerability found in an asset.

Risk formula:

Risk = Asset Value * Threat * Vulnerability * Impact

It is common for customers not to have values for variables in Risk Management formulas.
These formulas serve as guidance systems, to help the customer better understand how they should invest in security. In the previous examples, using the formulas with estimated values for a meteor shower and a fire in a building should help explain, with an estimated dollar value, why a fire prevention system is a better investment than a metal dome protecting from falling objects.

Penetration Testing is the method of attacking system vulnerabilities in a similar way to real malicious attackers. Typically, Penetration Testing services are requested when a system or network has exhausted investments in security and clients are seeking to verify if all avenues of security have been covered. Penetration Testing can be Black, White, or Gray box depending on the scope of work agreed upon.

The key difference between a Penetration Test and a Vulnerability Assessment is that a Penetration Test will act upon vulnerabilities found and verify if they are real, reducing the list of confirmed risk associated with a target. A Vulnerability Assessment of a target could change to a Penetration Test once the asset owner has authorized the service provider to execute attacks against the vulnerabilities identified in a target. Typically, Penetration Testing services have a higher cost associated since the services require more expensive resources, tools, and time to successfully complete assignments.

One popular misconception is that a Penetration Testing service enhances IT security since services have a higher cost associated than other security services: Penetration Testing does not make IT networks more secure, since services evaluate existing security! A customer should not consider a Penetration Test if there is a belief the target is not completely secure.

Penetration Testing can cause a negative impact to systems: It's critical to have authorization in writing from the proper authorities before starting a Penetration Test of an asset owned by another party.
Not having proper authorization could be seen as illegal hacking by authorities. Authorization should include who is liable for any damages caused during a penetration exercise as well as who should be contacted to avoid future negative impacts once a system is damaged. Best practice is alerting the customers of all the potential risks associated with each method used to compromise a target prior to executing the attack to level set expectations. This is also one of the reasons we recommend targeted Penetration Testing with a small scope. It is easier to be much more methodical in your approach. As a common best practice, we receive confirmation that, in a worst case scenario, a system can be restored by a customer using backups or some other disaster recovery method.

Penetration Testing deliverable expectations should be well defined while agreeing on a scope of work. The most common method by which hackers obtain information about targets is through social engineering via attacking people rather than systems. Examples are interviewing for a position within the organization and walking out a week later with sensitive data offered without resistance. This type of deliverable may not be acceptable if a customer is interested in knowing how vulnerable their web applications are to remote attack. It is also important to have a defined end-goal so that all parties understand when the penetration services are considered concluded. Usually, an agreed-upon deliverable serves this purpose.

A Penetration Testing engagement's success for a service provider is based on profitability of time and services used to deliver the Penetration Testing engagement. A more efficient and accurate process means better results for fewer services used. The higher the quality of the deliverables, the closer the service can meet customer expectation, resulting in a better reputation and more future business.
For these reasons, it's important to develop a methodology for executing Penetration Testing services as well as for how to report what is found.

Kali Penetration Testing concepts

Kali Linux is designed to follow the flow of a Penetration Testing service engagement. Regardless if the starting point is White, Black, or Gray box testing, there is a set of steps that should be followed when Penetration Testing a target with Kali or other tools.

Step 1 – Reconnaissance

You should learn as much as possible about a target's environment and system traits prior to launching an attack. The more information you can identify about a target, the better chance you have to identify the easiest and fastest path to success. Black box testing requires more reconnaissance than White box testing since data is not provided about the target(s). Reconnaissance services can include researching a target's Internet footprint, monitoring resources, people, and processes, scanning for network information such as IP addresses and systems types, social engineering public services such as help desk and other means.

Reconnaissance is the first step of a Penetration Testing service engagement regardless if you are verifying known information or seeking new intelligence on a target. Reconnaissance begins by defining the target environment based on the scope of work. Once the target is identified, research is performed to gather intelligence on the target such as what ports are used for communication, where it is hosted, the type of services being offered to clients, and so on. This data will develop a plan of action regarding the easiest methods to obtain desired results. The deliverable of a reconnaissance assignment should include a list of all the assets being targeted, what applications are associated with the assets, services used, and possible asset owners.

Kali Linux offers a category labeled Information Gathering that serves as a Reconnaissance resource.
Tools include methods to research network, data center, wireless, and host systems.

The following is the list of Reconnaissance goals:

• Identify target(s)
• Define applications and business use
• Identify system types
• Identify available ports
• Identify running services
• Passively social engineer information
• Document findings

Step 2 – Target evaluation

Once a target is identified and researched from Reconnaissance efforts, the next step is evaluating the target for vulnerabilities. At this point, the Penetration Tester should know enough about a target to select how to analyze for possible vulnerabilities or weakness. Examples are testing for weakness in how the web application operates, identified services, communication ports, or other means. Vulnerability Assessments and Security Audits typically conclude after this phase of the target evaluation process.

Capturing detailed information through Reconnaissance improves accuracy of targeting possible vulnerabilities, shortens execution time to perform target evaluation services, and helps to avoid existing security. For example, running a generic vulnerability scanner against a web application server would probably alert the asset owner, take a while to execute, and only generate generic details about the system and applications. Scanning a server for a specific vulnerability based on data obtained from Reconnaissance would be harder for the asset owner to detect, provide a good possible vulnerability to exploit, and take seconds to execute.

Evaluating targets for vulnerabilities could be manual or automated through tools. There is a range of tools offered in Kali Linux grouped as a category labeled Vulnerability Analysis. Tools range from assessing network devices to databases.
The following is the list of Target Evaluation goals:

• Evaluate targets for weakness
• Identify and prioritize vulnerable systems
• Map vulnerable systems to asset owners
• Document findings

Step 3 – Exploitation

This step exploits vulnerabilities found to verify if the vulnerabilities are real and what possible information or access can be obtained. Exploitation separates Penetration Testing services from passive services such as Vulnerability Assessments and Audits. Exploitation and all the following steps have legal ramifications without authorization from the asset owners of the target.

The success of this step is heavily dependent on previous efforts. Most exploits are developed for specific vulnerabilities and can cause undesired consequences if executed incorrectly. Best practice is identifying a handful of vulnerabilities and developing an attack strategy based on leading with the most vulnerable first.

Exploiting targets can be manual or automated depending on the end objective. Some examples are running SQL Injections to gain admin access to a web application or social engineering a Helpdesk person into providing admin login credentials.

Kali Linux offers a dedicated catalog of tools titled Exploitation Tools for exploiting targets that range from exploiting specific services to social engineering packages.

The following is the list of Exploitation goals:

• Exploit vulnerabilities
• Obtain foothold
• Capture unauthorized data
• Aggressively social engineer
• Attack other systems or applications
• Document findings

Step 4 – Privilege Escalation

Having access to a target does not guarantee accomplishing the goal of a penetration assignment. In many cases, exploiting a vulnerable system may only give limited access to a target's data and resources. The attacker must escalate privileges granted to gain the access required to capture the flag, which could be sensitive data, critical infrastructure, and so on.
Privilege Escalation can include identifying and cracking passwords, user accounts, and unauthorized IT space. An example is achieving limited user access, identifying a shadow file containing administration login credentials, obtaining an administrator password through password cracking, and accessing internal application systems with administrator access rights.

Kali Linux includes a number of tools that can help gain Privilege Escalation through the Password Attacks and Exploitation Tools catalog. Since most of these tools include methods to obtain initial access and Privilege Escalation, they are gathered and grouped according to their toolsets.

The following is a list of Privilege Escalation goals:

• Obtain escalated level access to system(s) and network(s)
• Uncover other user account information
• Access other systems with escalated privileges
• Document findings

Step 5 – Maintaining a foothold

The final step is maintaining access by establishing other entry points into the target and, if possible, covering evidence of the penetration. It is possible that penetration efforts will trigger defenses that will eventually secure how the Penetration Tester obtained access to the network. Best practice is establishing other means to access the target as insurance against the primary path being closed. Alternative access methods could be backdoors, new administration accounts, encrypted tunnels, and new network access channels.

The other important aspect of maintaining a foothold in a target is removing evidence of the penetration. This will make it harder to detect the attack, thus reducing the reaction by security defenses. Removing evidence includes erasing user logs, masking existing access channels, and removing the traces of tampering such as error messages caused by penetration efforts.

Kali Linux includes a catalog titled Maintaining Access focused on keeping a foothold within a target. Tools are used for establishing various forms of backdoors into a target.
The following is a list of goals for maintaining a foothold:

• Establish multiple access methods to target network
• Remove evidence of authorized access
• Repair systems impacted by exploitation
• Inject false data if needed
• Hide communication methods through encryption and other means
• Document findings

Introducing Kali Linux

The creators of BackTrack have released a new, advanced Penetration Testing Linux distribution named Kali Linux. BackTrack 5 was the last major version of the BackTrack distribution. The creators of BackTrack decided that to move forward with the challenges of cyber security and modern testing a new foundation was needed. Kali Linux was born and released on March 13th, 2013. Kali Linux is based on Debian and an FHS-compliant filesystem.

Kali has many advantages over BackTrack. It comes with many more updated tools. The tools are streamlined with the Debian repositories and synchronized four times a day. That means users have the latest package updates and security fixes. The new compliant filesystems translate into running most tools from anywhere on the system. Kali has also made customization, unattended installation, and flexible desktop environments strong features in Kali Linux.

Kali Linux is available for download at http://www.kali.org/.

Kali system setup

Kali Linux can be downloaded in a few different ways. One of the most popular ways to get Kali Linux is to download the ISO image. The ISO image is available in 32-bit and 64-bit images.

If you plan on using Kali Linux on a virtual machine such as VMware, there is a VM image prebuilt. The advantage of downloading the VM image is that it comes preloaded with VMware tools. The VM image is a 32-bit image with Physical Address Extension support, better known as PAE. In theory, a PAE kernel allows the system to access more system memory than a traditional 32-bit operating system.
There have been some well-known personalities in the world of operating systems that have argued for and against the usefulness of a PAE kernel. However, the authors of this article suggest using the VM image of Kali Linux if you plan on using it in a virtual environment.

Running Kali Linux from external media

Kali Linux can be run without installing software on a host hard drive by accessing it from an external media source such as a USB drive or DVD. This method is simple to enable; however, it has performance and operational implications. Kali Linux having to load programs from a remote source would impact performance, and some applications or hardware settings may not operate properly. Using read-only storage media does not permit saving custom settings that may be required to make Kali Linux operate correctly. It's highly recommended to install Kali Linux on a host hard drive.

Installing Kali Linux

Installing Kali Linux on your computer is straightforward and similar to installing other operating systems. First, you'll need compatible computer hardware. Kali is supported on i386, amd64, and ARM (both armel and armhf) platforms. The hardware requirements are shown in the following list, although we suggest exceeding the minimum amount by at least three times. Kali Linux, in general, will perform better if it has access to more RAM and is installed on newer machines. Download Kali Linux and either burn the ISO to DVD, or prepare a USB stick with Kali Linux Live as the installation medium. If you do not have a DVD drive or a USB port on your computer, check out the Kali Linux Network Install.

The following is a list of minimum installation requirements:

• A minimum of 8 GB disk space for installing Kali Linux.
• For i386 and amd64 architectures, a minimum of 512 MB RAM.
• CD-DVD Drive / USB boot support.

You will also need an active Internet connection before installation.
This is very important or you will not be able to configure and access repositories during installation.

When you start Kali you will be presented with a Boot Install screen. You may choose what type of installation (GUI-based or text-based) you would like to perform.

Select the local language preference, country, and keyboard preferences.

Select a hostname for the Kali Linux host. The default hostname is Kali.

Select a password. Simple passwords may not work, so choose something that has some degree of complexity.

The next prompt asks for your timezone. Modify accordingly and select Continue. The next screenshot shows selecting Eastern standard time.

The installer will ask to set up your partitions. If you are installing Kali on a virtual image, select Guided Install – Whole Disk. This will destroy all data on the disk and install Kali Linux. Keep in mind that on a virtual machine, only the virtual disk is getting destroyed. Advanced users can select manual configurations to customize partitions. Kali also offers the option of using LVM, logical volume manager. LVM allows you to manage and resize partitions after installation. In theory, it is supposed to allow flexibility when storage needs change from initial installation. However, unless your Kali Linux needs are extremely complex, you most likely will not need to use it.

The last window displays a review of the installation settings. If everything looks correct, select Yes to continue the process as shown in the following screenshot:

Kali Linux uses central repositories to distribute application packages. If you would like to install these packages, you need to use a network mirror. The packages are downloaded via HTTP protocol. If your network uses a proxy server, you will also need to configure the proxy settings for your network.

Kali will prompt to install GRUB. GRUB is a multi-bootloader that gives the user the ability to pick and boot up to multiple operating systems.
In almost all cases, you should select to install GRUB. If you are configuring your system to dual boot, you will want to make sure GRUB recognizes the other operating systems in order for it to give users the options to boot into an alternative operating system. If it does not detect any other operating systems, the machine will automatically boot into Kali Linux.

Congratulations! You have finished installing Kali Linux. You will want to remove all media (physical or virtual) and select Continue to reboot your system.

Kali Linux and VM image first run

On some Kali installation methods, you will be asked to set the root's password. When Kali Linux boots up, enter the root's username and the password you selected. If you downloaded a VM image of Kali, you will need the root password. The default username is root and password is toor.

Kali toolset overview

Kali Linux offers a number of customized tools designed for Penetration Testing. Tools are categorized in the following groups as seen in the drop-down menu shown in the following screenshot:

• Information Gathering: These are Reconnaissance tools used to gather data on your target network and devices. Tools range from identifying devices to protocols used.
• Vulnerability Analysis: Tools from this section focus on evaluating systems for vulnerabilities. Typically, these are run against systems found using the Information Gathering Reconnaissance tools.
• Web Applications: These are tools used to audit and exploit vulnerabilities in web servers. Many of the audit tools we will refer to in this article come directly from this category. However web applications do not always refer to attacks against web servers, they can simply be web-based tools for networking services. For example, web proxies will be found under this section.
• Password Attacks: This section of tools primarily deals with brute force or the offline computation of passwords or shared keys used for authentication.
• Wireless Attacks: These are tools used to exploit vulnerabilities found in wireless protocols. 802.11 tools will be found here, including tools such as aircrack, airmon, and wireless password cracking tools. In addition, this section has tools related to RFID and Bluetooth vulnerabilities as well. In many cases, the tools in this section will need to be used with a wireless adapter that can be configured by Kali to be put in promiscuous mode.
• Exploitation Tools: These are tools used to exploit vulnerabilities found in systems. Usually, a vulnerability is identified during a Vulnerability Assessment of a target.
• Sniffing and Spoofing: These are tools used for network packet captures, network packet manipulators, packet crafting applications, and web spoofing. There are also a few VoIP reconstruction applications.
• Maintaining Access: Maintaining Access tools are used once a foothold is established into a target system or network. It is common to find compromised systems having multiple hooks back to the attacker to provide alternative routes in the event a vulnerability that is used by the attacker is found and remediated.
• Reverse Engineering: These tools are used to disassemble an executable and debug programs. The purpose of reverse engineering is analyzing how a program was developed so it can be copied, modified, or lead to development of other programs. Reverse Engineering is also used for malware analysis to determine what an executable does or by researchers to attempt to find vulnerabilities in software applications.
• Stress Testing: Stress Testing tools are used to evaluate how much data a system can handle. Undesired outcomes could be obtained from overloading systems such as causing a device controlling network communication to open all communication channels or a system shutting down (also known as a denial of service attack).
• Hardware Hacking: This section contains Android tools, which could be classified as mobile, and Arduino tools that are used for programming and controlling other small electronic devices.
• Forensics: Forensics tools are used to monitor and analyze computer network traffic and applications.
• Reporting Tools: Reporting tools are methods to deliver information found during a penetration exercise.
• System Services: This is where you can enable and disable Kali services. Services are grouped into BeEF, Dradis, HTTP, Metasploit, MySQL, and SSH.

Summary

This article served as an introduction to Penetration Testing Web Applications and an overview of setting up Kali Linux. We started off defining best practices for performing Penetration Testing services including defining risk and differences between various services. The key takeaway is to understand what makes a Penetration Test different from other security services, how to properly scope a level of service, and the best method to perform services. Positioning the right expectations upfront with a potential client will better qualify the opportunity and simplify developing an acceptable scope of work.

This article continued with providing an overview of Kali Linux. Topics included how to download your desired version of Kali Linux, ways to perform the installation, and a brief overview of toolsets available. The next article will cover how to perform Reconnaissance on a target. This is the first and most critical step in delivering Penetration Testing services.

Resources for Article:

Further resources on this subject:

• BackTrack 4: Security with Penetration Testing Methodology [Article]
• CISSP: Vulnerability and Penetration Testing for Access Control [Article]
• Making a Complete yet Small Linux Distribution [Article]
Packt
27 Sep 2013
9 min read

Make phone calls, send SMS from your website using Twilio

Sending a message from a website

Sending messages from a website has many uses; sending notifications to users is one good example. In this example, we're going to present you with a form where you can enter a phone number and message and send it to your user. This can be quickly adapted for other uses.

Getting ready

The complete source code for this recipe can be found in the Chapter6/Recipe1/ folder.

How to do it...

OK, let's learn how to send an SMS message from a website. The user will be prompted to fill out a form that will send the SMS message to the phone number entered in the form.

1. Download the Twilio Helper Library from https://github.com/twilio/twilio-php/zipball/master and unzip it.

2. Upload the Services/ folder to your website.

3. Upload config.php to your website and make sure the following variables are set:

    <?php
    $accountsid = ''; // YOUR TWILIO ACCOUNT SID
    $authtoken = ''; // YOUR TWILIO AUTH TOKEN
    $fromNumber = ''; // PHONE NUMBER CALLS WILL COME FROM
    ?>

4. Upload a file called sms.php and add the following code to it:

    <!DOCTYPE html>
    <html>
    <head>
    <title>Recipe 1 – Chapter 6</title>
    </head>
    <body>
    <?php
    // Load the Twilio helper library, our credentials, and the send_sms() helper
    include('Services/Twilio.php');
    include("config.php");
    include("functions.php");
    $client = new Services_Twilio($accountsid, $authtoken);
    if( isset($_POST['number']) && isset($_POST['message']) ){
        $sid = send_sms($_POST['number'],$_POST['message']);
        // Escape the submitted number before echoing it back into the page
        echo "Message sent to " . htmlspecialchars($_POST['number'], ENT_QUOTES, 'UTF-8');
    }
    ?>
    <form method="post">
    <input type="text" name="number" placeholder="Phone Number...." /><br />
    <input type="text" name="message" placeholder="Message...." /><br />
    <button type="submit">Send Message</button>
    </form>
    </body>
    </html>

5. Create a file called functions.php and add the following code to it:

    <?php
    // Send $message to $number from our Twilio number and return the message SID
    function send_sms($number,$message){
        global $client,$fromNumber;
        $sms = $client->account->sms_messages->create(
            $fromNumber,
            $number,
            $message
        );
        return $sms->sid;
    }

How it works...
In steps 1 and 2, we downloaded and installed the Twilio Helper Library for PHP. This library is the heart of your Twilio-powered apps. In step 3, we uploaded config.php that contains our authentication information to talk to Twilio's API. In steps 4 and 5, we created sms.php and functions.php, which will send a message to the phone number we enter. The send_sms function is handy for initiating SMS conversations; we'll be building on this function heavily in the rest of the article.

Allowing users to make calls from their call logs

We're going to give your user a place to view their call log. We will display a list of incoming calls and give them the option to call back on these numbers.

Getting ready

The complete source code for this recipe can be found in the Chapter9/Recipe4 folder in the source code for this article.

How to do it...

Now, let's build a section for our users to log in to using the following steps:

1. Update a file called index.php with the following content:

    <?php
    session_start();
    include 'Services/Twilio.php';
    require("system/jolt.php");
    require("system/pdo.class.php");
    require("system/functions.php");

    $_GET['route'] = isset($_GET['route']) ? '/'.$_GET['route'] : '/';
    $app = new Jolt('site',false);
    $app->option('source', 'config.ini');
    #$pdo = Db::singleton();
    $mysiteURL = $app->option('site.url');

    // Route guard: send visitors without a stored user to the login page
    $app->condition('signed_in', function () use ($app) {
        $app->redirect( $app->getBaseUri().'/login',!$app->store('user'));
    });

    $app->get('/login', function() use ($app){
        $app->render( 'login', array(),'layout' );
    });

    $app->post('/login', function() use ($app){
        // Bind the submitted values as parameters instead of building the SQL from $_POST.
        // Assumes Db::singleton() returns a PDO handle, as its query()/exec() use suggests.
        // The password is compared as stored; hash it (password_hash/password_verify) in production.
        $pdo = Db::singleton();
        $res = $pdo->prepare( "SELECT * FROM `user` WHERE `email`=? AND `password`=?" );
        $res->execute( array($_POST['user'], $_POST['pass']) );
        $user = $res->fetch();
        if( isset($user['ID']) ){
            $_SESSION['uid'] = $user['ID'];
            $app->store('user',$user['ID']);
            $app->redirect( $app->getBaseUri().'/home');
        }else{
            $app->redirect( $app->getBaseUri().'/login');
        }
    });

    $app->get('/signup', function() use ($app){
        $app->render( 'register', array(),'layout' );
    });

    $app->post('/signup', function() use ($app){
        $client = new Services_Twilio($app->store('twilio.accountsid'), $app->store('twilio.authtoken') );
        // Read only the expected fields rather than extract()-ing all of $_POST
        $name = $_POST['name'];
        $email = $_POST['email'];
        $password = $_POST['password'];
        $phone_number = $_POST['phone_number'];
        // Create a Twilio subaccount for the new user
        $subaccount = $client->accounts->create(array(
            "FriendlyName" => $email
        ));
        $sid = $subaccount->sid;
        $token = $subaccount->auth_token;
        $sql = "INSERT INTO `user` SET `name`=?,`email`=?,`password`=?,`phone_number`=?,`sid`=?,`token`=?,`status`=1";
        $pdo = Db::singleton();
        $pdo->prepare($sql)->execute( array($name,$email,$password,$phone_number,$sid,$token) );
        $uid = $pdo->lastInsertId();
        $app->store('user',$uid ); // log user in
        $app->redirect( $app->getBaseUri().'/phone-number');
    });

    $app->get('/phone-number', function() use ($app){
        $app->condition('signed_in');
        // Load the user record; the store only holds the user ID
        $user = get_user( $app->store('user') );
        $client = new Services_Twilio($user['sid'], $user['token']);
        $app->render('phone-number');
    });

    $app->post("search", function() use ($app){
        $app->condition('signed_in');
        $user = get_user( $app->store('user') );
        $client = new Services_Twilio($user['sid'], $user['token']);
        $SearchParams = array();
        $SearchParams['InPostalCode'] = !empty($_POST['postal_code']) ? trim($_POST['postal_code']) : '';
        $SearchParams['NearNumber'] = !empty($_POST['near_number']) ? trim($_POST['near_number']) : '';
        $SearchParams['Contains'] = !empty($_POST['contains'])? trim($_POST['contains']) : '' ;
        try {
            $numbers = $client->account->available_phone_numbers->getList('US', 'Local', $SearchParams);
            if(empty($numbers)) {
                $err = urlencode("We didn't find any phone numbers by that search");
                $app->redirect( $app->getBaseUri().'/phone-number?msg='.$err);
                exit(0);
            }
        } catch (Exception $e) {
            $err = urlencode("Error processing search: {$e->getMessage()}");
            $app->redirect( $app->getBaseUri().'/phone-number?msg='.$err);
            exit(0);
        }
        $app->render('search',array('numbers'=>$numbers));
    });

    // $mysiteURL is defined outside the closure, so it must be imported with use
    $app->post("buy", function() use ($app, $mysiteURL){
        $app->condition('signed_in');
        $user = get_user( $app->store('user') );
        $client = new Services_Twilio($user['sid'], $user['token']);
        $PhoneNumber = $_POST['PhoneNumber'];
        try {
            $number = $client->account->incoming_phone_numbers->create(array(
                'PhoneNumber' => $PhoneNumber
            ));
            $phsid = $number->sid;
            if ( !empty($phsid) ){
                $pdo = Db::singleton();
                $stmt = $pdo->prepare( "INSERT INTO numbers (user_id,number,sid) VALUES (?,?,?)" );
                $stmt->execute( array($user['ID'],$PhoneNumber,$phsid) );
                $fid = $pdo->lastInsertId();
                $ret = editNumber($phsid,array(
                    "FriendlyName"=>$PhoneNumber,
                    "VoiceUrl" => $mysiteURL."/voice?id=".$fid,
                    "VoiceMethod" => "POST",
                ),$user['sid'], $user['token']);
            }
        } catch (Exception $e) {
            $err = urlencode("Error purchasing number: {$e->getMessage()}");
            $app->redirect( $app->getBaseUri().'/phone-number?msg='.$err);
            exit(0);
        }
        $msg = urlencode("Thank you for purchasing $PhoneNumber");
        header("Location: index.php?msg=$msg");
        $app->redirect( $app->getBaseUri().'/home?msg='.$msg);
        exit(0);
    });

    $app->route('/voice', function() use ($app){
    });

    $app->get('/transcribe', function() use ($app){
    });

    $app->get('/logout', function() use ($app){
        $app->store('user',0);
        $app->redirect( $app->getBaseUri().'/login');
    });

    $app->get('/home', function() use ($app){
        $app->condition('signed_in');
        $uid = $app->store('user');
        $user = get_user( $uid );
        $client = new Services_Twilio($user['sid'], $user['token']);
        $app->render('dashboard',array(
            'user'=>$user,
            'client'=>$client
        ));
    });

    $app->get('/delete', function() use ($app){
        $app->condition('signed_in');
    });

    $app->get('/', function() use ($app){
        $app->render( 'home' );
    });

    $app->listen();

2. Upload a file called dashboard.php with the following content to your views folder:

    <h2>My Number</h2>
    <?php
    $pdo = Db::singleton();
    // Parameterized lookup of the numbers owned by the signed-in user
    $res = $pdo->prepare( "SELECT * FROM `numbers` WHERE `user_id`=?" );
    $res->execute( array($user['ID']) );
    while( $row = $res->fetch() ){
        echo preg_replace("/[^0-9]/", "", $row['number']);
    }
    try {
    ?>
    <h2>My Call History</h2>
    <p>Here is a list of recent calls, you can click any number to call them back, we will call your registered phone number and then the caller</p>
    <table width=100% class="table table-hover table-striped">
    <thead>
    <tr>
    <th>From</th>
    <th>To</th>
    <th>Start Date</th>
    <th>End Date</th>
    <th>Duration</th>
    </tr>
    </thead>
    <tbody>
    <?php
    foreach ($client->account->calls as $call) {
        # echo "<p>Call from $call->from to $call->to at $call->start_time of length $call->duration</p>";
        // Only list inbound calls
        if( !stristr($call->direction,'inbound') ) continue;
        $type = find_in_list($call->from);
    ?>
    <tr>
    <td><a href="<?=$uri?>/call?number=<?=urlencode($call->from)?>"><?=$call->from?></a></td>
    <td><?=$call->to?></td>
    <td><?=$call->start_time?></td>
    <td><?=$call->end_time?></td>
    <td><?=$call->duration?></td>
    </tr>
    <?php
    }
    ?>
    </tbody>
    </table>
    <?php
    } catch (Exception $e) {
        echo 'Error: ' . $e->getMessage();
    }
    ?>
    <hr />
    <a href="<?=$uri?>/delete" onclick="return confirm('Are you sure you wish to close your account?');">Delete My Account</a>

How it works...

In step 1, we updated the index.php file. In step 2, we uploaded dashboard.php to the views folder.
This file checks if we're logged in using the $app->condition('signed_in') method, which we discussed earlier, and if we are, it displays all incoming calls we've had to our account. We can then push a button to call one of those numbers and whitelist or blacklist them. We also give the user the option to delete the account, which we'll cover in the Deleting a subaccount recipe. Summary Thus in this article we have learned how to send messages and make phone calls from your website using Twilio. Resources for Article: Further resources on this subject: Trunks in FreePBX 2.5 [Article] Recording Calls in FreePBX 2.5 [Article] Voice Menus and IVR in AsteriskNOW [Article]
Packt
27 Sep 2013
27 min read

Training, Tools, and Next Steps

Training

There are many different training methods, and users may respond differently to training depending on their level of comfort with technology and accounting, as well as their prior experience with similar applications. The following sections discuss ideas to consider when deciding how and when to train users on Dynamics GP, grouped into these topics:

  • How to train and who should be the trainer?
  • How much training and for whom?
  • When to train?
  • Notes for the trainer.
  • Available training resources.

How to train and who should be the trainer?

This is by no means a complete guide to training. However, having trained many users over the years, there are a few concepts that have proven true time and time again:

  • Make sure you have a trainer that knows their stuff. Nothing can be worse than being trained from a script with no ability to have a meaningful discussion or ask follow up questions. If the trainer has textbook knowledge of a system, but no real life experience with it, they will not have as much knowledge to share, which could result in incomplete training and lost credibility with the users. If you do not have someone on your team that is a good training resource for Dynamics GP, bring a trainer in. If you are bringing a training resource in from outside your team, help them by explaining what the company does, what Dynamics GP modules will be used, and the basics of the setup that has been performed. With this knowledge, the trainer will be better equipped to train your users.
  • Focus the training on the functionality that will be used. For example, if Purchase Order Approvals are not being used, it can certainly be mentioned that this functionality is available, but why spend time on it? Most likely, if it is implemented six months later, re-training will be required.
  • Set up a training schedule that is reasonable. Some companies may be able to close an accounting department for a whole week to perform training for all users of the new system. Given today's busy working environments, this is often not a realistic option.
  • Keep the number of users in a training session to no more than four or five, anything else can get unruly very quickly. If there are many users that need to be trained on the same functionality, hold two or more sessions for the same topic.
  • Keep training sessions to no more than three hours. This will typically be the most users can absorb at one time. It will also give the company's employees an opportunity to get some of their regular work done on training days.
  • Make the system available to users during training if at all possible. If Dynamics GP is already installed and the sample or test company is set up, give users access to log in during and after training to experiment with what they have just learned.

Some companies like the idea of training the trainer—taking a more advanced user who will be using most of the Dynamics GP functionality and training them, so they can train the rest of the users. While this may be a cost saving option in the short term, this can easily become similar to the broken telephone game and is not something that is recommended for most companies.

How much training and for whom?

Often training classes and manuals for Dynamics GP modules will start with the setup of the module, then go into detail for each type of transaction possible, and then cover routines and utilities available in the module. Think about the users for your Dynamics GP system. How many of them will need to change setup options, or even have the permissions to do so? How many of them will be performing maintenance if there are issues? Typically the answer is one or two (we will call them super users). The rest of the users (regular users) will be entering transactions, inquiring on them, printing reports, and analyzing data.
One idea for training your super users on the setup options of Dynamics GP is to do it at the same time as the module setup. That way, as you are going through all the settings, you can explain the available options to them and at the same time get their feedback on the most appropriate settings for the company. Super users thus become part of the implementation process, benefiting them as they get more knowledge of the system, and benefiting the implementation as the modules are set up with all the available knowledge of key accounting personnel.

For regular users, make a concise list of the users and what functions they typically perform as part of their job. Only include users in the sessions that they need for their work. Breaking out the training sessions by functionality and keeping them short will afford the best chance of users retaining knowledge. If a user is moved to a different area or gets more responsibility, it is usually best to train them on the additional functionality they need at that time.

There is a fine line between too much and too little training. With too much, most of the training is not retained because users can get overwhelmed. With too little training, users may not understand enough of how Dynamics GP works and the repercussions of their actions throughout the system. The key is to find just the right amount of training, and that's where an experienced trainer can really add value to your implementation.

When to train?

It may be appealing to set aside time for training users before the implementation really gets started. Everyone has more time and is more relaxed, schedules are more open. I strongly recommend against this. Training users and having them not use the training for several weeks to a month will render that training almost useless for many of the users. To maximize the chances of success, plan to do the bulk of the training right before the users need to start using Dynamics GP.
This is another reason why a phased approach often makes more sense than implementing all the functionality at once.

Plan to keep training users through at least the first few days of the Go Live. Users that are not very computer savvy, or are more resistant to change, may need some hand-holding during the Go Live to ensure a smooth transition. If you can identify these users and plan for this ahead of time, you will increase your chances of a successful implementation.

Keep in mind that training is not a discrete process. While the bulk of the training may be done right before the Go Live, make plans for retraining regularly. If there is high turnover in the company's GP users, put together a plan for training new users as they are hired. Many companies have employees that are leaving train their replacement. While this may work for some aspects of a job, this is not always a good idea for systems such as Dynamics GP, especially if it has not been in place long.

Once employees start using Dynamics GP they will have questions that need to be answered right away, as they are stopping critical work, but there will also be many non-critical questions. Make sure your users have a resource to ask the critical questions and let them know how to access this resource. For the non-critical issues, ask users to make a list of these as they go about their daily work and plan for periodic refreshers on the training. This will give users a chance to get familiar with the system and let them know they have a resource to answer any questions that might come up.

Notes for the trainer

Each trainer will have their own technique and methodology. This is not meant to teach someone how to train Dynamics GP users, just a few things to keep in mind if you are the one performing the training:

  • Understand your audience: Are they experienced accountants that have used Dynamics GP or a similar ERP system in the past? Or are they mostly clerical users that simply key in transactions without too much accounting experience or computer knowledge? The answer may change how you present or explain things. It will also help you understand and answer their questions better. Often you will have a mix in the audience—try to involve more experienced users in answering the questions about company accounting policy and practices for the others. You will get the benefit of their experience with the company and make them feel more involved in the process.
  • Be flexible, but firm: If users want to ask questions during training, be flexible enough to veer a little off course to accommodate them. However, if the discussion starts getting too far off topic or taking an inordinate amount of time, make a note if you need to follow up later, but get back to the scheduled training.
  • Start each training session with a brief introduction to navigation in Dynamics GP and some of the basic terminology: For users that have not seen Dynamics GP before, a lot of the terminology and navigation may take some getting used to. Reinforce this throughout the training—certain icons appear on almost every window and have the same functionality—remind users of this. For example, clicking on the looking glass icon will always give you a list of choices for the field you're on, or a note icon will add a note to the item it is right next to, but a note icon in the bottom right corner of a window will be a window level note.
  • Follow up: If there were questions left open during training, make notes and follow up via e-mail or in the next training session with the same users.

Available training resources

If you have no trainer available on your team and are looking for classroom or pre-recorded training, the following are some Dynamics GP training resources:

  • E-Learning: Microsoft E-Learning offers a comprehensive list of pre-recorded training sessions for various Dynamics GP modules. Currently E-Learning is available to all Dynamics GP customers on a maintenance plan at no additional charge. To access your E-Learning, log onto CustomerSource (https://mbs.microsoft.com/customersource/) and navigate to Readiness and Training | E-Learning from the menu on the left.
  • Training available from Microsoft: Other training options, including instructor-led classroom and online training, are available from Microsoft. As the offerings and schedules change often, it is best to use Microsoft's Training Catalog (http://learning.microsoft.com/Manager/Catalog.aspx) to find the training you are looking for.
  • Manuals: Many modules in Microsoft Dynamics GP have printable guides available, found at the following URL: http://technet.microsoft.com/en-us/library/jj673202(v=gp.30).aspx.

While all of these resources can help with training, both initially and on an ongoing basis, typically best results are accomplished by using a dedicated trainer as opposed to a canned resource to train your users prior to a Go Live. This allows the training to be geared specifically to your company's needs, which usually saves time and offers the best return on your company's Dynamics GP investment.

Tools for Dynamics GP

There are a number of tools available from Microsoft to help troubleshoot and add functionality to Dynamics GP. In this section we will go over the following tools:

  • Professional Services Tools Library
  • Tools from Microsoft's Professional Services Team
  • Support Debugging Tool

Professional Services Tools Library

The Professional Services Tools Library (PSTL) is a suite of tools originally created by the Microsoft Dynamics GP support, development, and professional services teams to add functionality to Dynamics GP. For many years most of the tools in the PSTL were sold for anywhere from $750 to $1500 each and the entire suite cost $5,000.
On March 26, 2012 Microsoft announced that the PSTL would be available to all customers using Dynamics GP 10.0 or later at no additional cost. The PSTL can be installed during the Dynamics GP application installation or added as an additional component later. Dynamics GP partners can download the PSTL at the following URL: http://bit.ly/18qHTH3 (requires PartnerSource access). Customers can ask their Dynamics GP partner to download this for them.

There are currently 40 tools in the PSTL. The following sections list them all with a brief description of each, grouped by series.

System tools

These are tools that are global to the entire Dynamics GP system:

Tool Name | Description
Database Disabler | Allows an administrator to temporarily disable any existing Dynamics GP companies. This is a great tool to use when running maintenance or other updates, to prevent users from logging into selected companies. (Requires sa login.)
Shortcuts Copy | This tool will copy shortcuts from one user to another.
Toolkit | The Toolkit is used to rebuild the GL Account Master Index table (GL00105), re-create Dex Procs, rebuild indexes, recreate tables, and check identities of tables. This will typically only be needed when working with support. (Requires sa login.)
Menu Inquiry Utility | Allows you to see detailed technical information for each menu item in your Dynamics GP.
Update User Date | If this tool is enabled, the Dynamics GP User Date will automatically increment the date at midnight if the Dynamics GP application is open. Note that this tool requires a setting in the Dex.ini file of SuppressChangeDateDialog=True. More Dex.ini settings with detailed explanations can be found here: http://dynamicsconfessions.blogspot.com/2011/02/dexini-downloadable-file-updated.html

Financial tools

These are tools for the General Ledger and Bank Reconciliation modules:

Tool Name | Description
Account Modifier / Combiner | This incredibly useful tool will go through all posted and unposted transactions throughout Dynamics GP and change or combine General Ledger account numbers. Often this tool is used after a reorganization, when the chart of accounts needs to be changed to accommodate the new company structure. It can also be helpful to clean up a chart of accounts when many new accounts have been added. (Requires sa login.)
Checkbook Modifier | Allows you to change a Checkbook ID, this will update all transactions in the system.
Fiscal Period Modifier | This tool is used to change the Year number for closed years. Often this is needed when changes to the fiscal years are made, for example to align them to calendar years.
GL Master Triggers | With this tool General Ledger accounts created in a master company can be set up to replicate to some or all of your other companies.

Purchasing tools

These are tools for the Payables Management and Purchase Order Processing modules:

Tool Name | Description
1099 Modifier | This tool will update 1099 amounts for vendors that were not set up as a 1099 vendor, but should have been.
PM Master Triggers | With this tool Vendors created in a master company can be set up to replicate to some or all of your other companies.
PM Minimum Check | If this tool is enabled, a new option to set a minimum check amount will be available on the Additional menu during the Select Checks process in the Payables module.
Select Checks Combiner | If this tool is enabled, when users add payments to existing check batches, payments for the same vendors will be combined into one check instead of creating multiple checks for the same vendor.
Vendor Combiner | This tool allows combining multiple vendors into one. You may find this tool useful if multiple users are creating vendors and may have inadvertently created multiple Vendor IDs for the same vendor. (Requires sa login.)
Vendor Modifier | This popular tool will change the Vendor ID for all unposted, open and historical records throughout Dynamics GP. You may find this tool useful if you are using the vendor name as part of the Vendor ID and the vendor changes their name or a mistake was made when creating the Vendor ID. (Requires sa login.)
Vendor Name Modifier | Allows changing the vendor name on all existing transactions in Dynamics GP. (Requires sa login.)
Minimum PO/ Receipt # | If this tool is enabled, you can specify minimum Purchase Order and Receipt numbers, so that the system does not go back and try to reuse numbers that are below what you have specified.
POP Cost Disabler | If this tool is enabled, you can specify the Current Cost or Standard Cost of inventory items to be defaulted onto Purchase Orders instead of the standard Dynamics GP behavior of using the Last Invoice Cost per vendor.

Sales tools

These are tools for the Receivables Management and Sales Order Processing modules:

Tool Name | Description
Customer Combiner | This tool allows combining multiple customers into one. You may find this tool useful if customers merge or multiple users are creating customers and may have inadvertently created multiple Customer IDs for the same customer. (Requires sa login.)
Customer Modifier | This popular tool will change the Customer ID for all unposted, open, and historical records throughout Dynamics GP. You may find this tool useful if you are using the customer name as part of the Customer ID and the customer changes their name or a mistake was made when creating the Customer ID. (Requires sa login.)
Customer Name Modifier | Allows changing the customer name on all existing transactions in Dynamics GP. (Requires sa login.)
RM Master Triggers | With this tool Customers created in a master company can be set up to replicate to some or all of your other companies.
RM Transaction Unapply | When receivables transactions are moved to history they can no longer be unapplied or voided. This very useful tool allows historical receivables transactions to be unapplied and moved back to an open status to allow voiding, entering an NSF, or changing apply information.
Salesperson Modifier | Allows changing a Salesperson ID on all transactions in Dynamics GP. (Requires sa login.)
SOP Customer Item Lookup | With this tool enabled, users can look up customer specific item sales history quickly during sales transaction entry. This can be helpful to show what a customer purchased in the past and at what prices.
Territory Modifier | Allows changing a Territory ID on all transactions in Dynamics GP. (Requires sa login.)
Territory Combiner | This tool is used to combine Territories. As with the other tools, all existing transactions are updated. (Requires sa login.)
SOP PO Number Check | With this tool enabled you can set up your Dynamics GP to check for duplicate customer PO numbers and either not allow them, or show a warning message to the user.

Payroll tools

These are tools for the Payroll module:

Tool Name | Description
Certified Payroll Report | Enabling this tool with the US Payroll module allows you to add a project number to employee transactions.
Employee Modifier | Allows changing an Employee ID on all transactions in Dynamics GP.

Inventory tools

These are tools for the Inventory module:

Tool Name | Description
Inventory Site Combiner | Allows combining inventory sites. This may be useful if a new site was created by mistake.
Inventory Site Modifier | This tool allows you to change the ID of an inventory site on all transactions in Dynamics GP.
Item Description Modifier | This tool changes the name of an inventory item based on an item number on all transactions in Dynamics GP. This should be used very carefully, as some companies change the item descriptions on both sales and purchasing documents on purpose and may want to keep those changes in their historical data.
Item Number Combiner | One of the more popular tools, this allows inventory items to be combined into one. (Requires sa login.)
Item Number Modifier | Another of the tools used often, this allows you to change the number of an inventory item on all transactions in Dynamics GP. This is very useful when changing inventory numbering. (Requires sa login.)
Item Reconciler | This tool runs the same Inventory Reconcile process that is available in the Inventory module in Dynamics GP, however, it only runs for the items that need to be reconciled. If you have a large number of items and transactions, this tool may increase performance of the reconcile process.

Miscellaneous tools

Additional tools that do not fit into the previous categories, or were added recently:

Tool Name | Description
Fixed Asset Modifier | Allows changing an Asset ID on all transactions in Dynamics GP.
Default Add Item POP/SOP | With this tool enabled, if a user types in an item number that does not exist on either a POP or SOP transaction, they will see a prompt asking them if they want to add the item. This is very useful to quickly alert users that they have typed in a non-inventory item.
Doc Date Verify | This is arguably one of the most useful tools available and I recommend that it be enabled for every Dynamics GP installation. With this tool enabled, when a user types in a date, Dynamics GP checks to see if it is in an existing or closed fiscal period. Transactions will not be allowed for non-existing fiscal periods and will be allowed with a warning for closed fiscal period. Doc Date Verify works with the following transaction windows: Payables Transaction Entry, Payables Manual Payment Entry, Purchase Order Entry, Receivings Transaction Entry, Purchasing Invoice Entry, Receivables Transaction Entry, Invoice Entry, Sales Transaction Entry, Cash Receipts Entry, Inventory Transaction Entry.
Decimal Place Tool | With this tool enabled the Check Amount in words on Payables and Payroll checks will be shown with two decimal places.
Company Copy | This tool allows copying module setup and/or data from one Dynamics GP company to another. This can be very useful when creating a new Dynamics GP company that needs to have similar setup to an existing company. (Requires sa login.)

You can find more information and detailed instructions for each tool listed in the preceding table from the Professional Services Tools Library manual, included with the PSTL download. Note that some of the tools require that the user be logged in as sa for the tool to work. Many of the tools that offer the ability to change IDs or names have the option of importing a list of the changes instead of having to manually enter them one at a time.

Tools from Microsoft's Professional Services Team

Microsoft's Professional Services Team has created many customizations for Dynamics GP customers over the years. Some of these customizations have been packaged into tools that have also been made available for free. Similarly to the PSTL, Dynamics GP partners are able to download these tools from the following URL: http://bit.ly/18qHTH3 (requires PartnerSource access). Dynamics GP customers would need to ask their partners for the tools. Following is a list of these tools with brief descriptions:

Tool Name | Description
AutoDim | Tool that allows you to launch Dynamics GP, run one or more integrations or integration groups, and have Dynamics GP exit upon completion of the integrations. This product also supports integration into several different companies.
AutoPost | DLL that uses the Continuum API to call the posting processes in Dynamics GP. The Dynamics GP application must be opened with a user logged into the appropriate company for this to work. AutoPost works for transactions entered on the following windows: General Ledger Transaction Entry, Inventory Item Transaction Entry, Inventory Item Transfer Entry, Receivables Cash Receipts Entry, SOP Sales Transaction Entry, POP Receivings Transaction Entry, Payables Transaction Entry.
Detail Payroll Activity Tracking | Allows you to track all employee changes made in Microsoft Dynamics GP.
PO Returns | When invoicing a receipt in POP, this tool will check the previous quantity invoiced and the quantity returned for the line item. The maximum quantity allowed to be invoiced is based on the following formula: Quantity Shipped minus (Previous Quantity Invoiced plus Quantity Returned). This tool will not allow invoicing for more than the maximum quantity allowed.
RM Auto Apply | Allows you to mass apply posted receivables credit documents (payments, returns and credit memos) to posted receivables debit documents. You can select ranges of customers, transaction dates and document types.
Shipment Notification | This tool allows drop ship sales orders to be transferred to invoices prior to invoicing the purchase order.
SOP Default per Site Line | This tool defaults the site from the Cards | Inventory | Quantities/Sites window for each line item entered on an SOP transaction.
SOP Sort Line Items | Allows you to define custom sorting options to display line items in Sales Order Processing.
SOP to POP Line Reordering Utility | This tool will reorder the line items of Purchase Orders generated by the SOP to POP transfer process to be in the same order as they originally were on the Sales Order document(s).

More details and instructions are included with the download for each of these tools.
Support Debugging Tool

The Support Debugging Tool for Dynamics GP was created by David Musgrave (http://social.msdn.microsoft.com/Profile/davidmusgrave), a key contributor to the Dynamics GP community. The Support Debugging Tool is written in Dexterity and contains a number of very useful utilities for helping with support, troubleshooting, and reporting in Dynamics GP. Dynamics GP partners can download the Support Debugging Tool for Dynamics GP 2013 on PartnerSource (login required): https://mbs.microsoft.com/partnersource/support/selfsupport/productreleases/MDGP2013_SupportDebuggingTool. Customers can ask their Dynamics GP partner to obtain the Support Debugging Tool for them.

Some additional links for the Support Debugging Tool:

  • Installing and frequently asked questions: http://bit.ly/18qLzbZ.
  • How to configure SQL Profile Tracing using the Support Debugging Tool: http://bit.ly/18qLIMh.
  • 21 Reasons why every workstation should have the Support Debugging Tool installed: http://bit.ly/18qLOnd.
  • One of my personal favorites: Differentiating companies in Dynamics GP: http://bit.ly/18qLVzi.
  • How to use the Support Debugging Tool to get resource information:
      • One resource at a time: http://bit.ly/18qM19Y.
      • Building a file of all resources: http://bit.ly/18qLZin.

Troubleshooting tips

Troubleshooting can be a difficult and lengthy process and often, without enough information, can become iterative and frustrating. This section offers a list of tests to attempt and information to collect when troubleshooting or asking for support.

Tests

One of the key factors in identifying and fixing a problem is being able to reproduce it. Before trying to look up an issue or error, or asking others for help with it, consider running through some of the following tests on your own:

  • Are the results the same when logged into Dynamics GP as another user on the same computer?
  • Are the results the same when logged into Dynamics GP as the same user on a different computer (or, even better, the Dynamics GP server, if possible to test there)?
  • Are the results the same when logged into Dynamics GP as sa?
  • Are the results the same in all Dynamics GP companies?
  • Are the results the same when logged into Windows as a user in the local administrators group?
  • If you have multiple Windows operating systems running Dynamics GP, are the results the same on a different operating system?
  • If the issue is on a Terminal Server, are the results the same when running Dynamics GP locally on the Terminal Server and/or locally on another computer?
  • Are the results the same when logged into Windows as the local administrator (built-in account for administering the computer/domain)?
  • If printing a report is not working:
      • Are the results the same when choosing to print to screen only, instead of choosing printer or export?
      • Has a new printer been added recently?
      • Has anything changed in the printer setup?

Important information

The following is a list of information that is helpful to provide when asking for help:

  • Dynamics GP version and service pack (or build number).
  • Windows operating system and service pack.
  • SQL Server version and service pack.
  • What are the steps to reproduce the issue?
  • If you are getting an error, capture a screenshot or the exact wording of the error message and the exact steps that lead to it.
  • Describe the steps you have already taken to troubleshoot and their results.

Running through some tests yourself and providing as much information as possible when asking for support will help you get to a resolution much faster. Often the results of the tests will actually lead you to see what is causing the issue even before calling for support.

Additional resources

There are many additional resources available for Dynamics GP.
This section will discuss the following resources:

  • Knowledge base
  • Forums
  • Blogs

Knowledge base

The Dynamics Knowledge Base requires a login to either CustomerSource or PartnerSource and can be found at the following URL: https://mbs.microsoft.com/knowledgebase/search.aspx. This Knowledge Base is for all Microsoft Dynamics products, so be sure to select Microsoft Dynamics GP under Select Product when searching.

As there are a great number of articles in the Knowledge Base, it is often best to start with the exact and complete text of the error message you are trying to troubleshoot and choose All of the words entered or Exact phrase entered under Using. If that does not provide results, you can always take some of the words out. Some additional tips on searching the Dynamics Knowledge Base can be found in this blog post and its comments: http://bit.ly/18qMHMI.

Forums

There are a number of Microsoft and non-Microsoft forums, also sometimes referred to as newsgroups, where you can search for answers and ask for help on Dynamics GP. The top four that I have used are:

  • Microsoft Dynamics GP Community Forum (requires Windows Live login): https://community.dynamics.com/gp/f/32.aspx.
  • Microsoft Dynamics GP Partner Forum (requires Windows Live login and affiliation with a partner organization): http://partnersupport.microsoft.com/en-us/mpndynamics/forum/mpndyngp?tab=QnA.
  • Tek-Tips Dynamics GP Forum (requires Tek-Tips login): http://www.tek-tips.com/threadminder.cfm?pid=632.
  • Experts Exchange MS Dynamics GP Zone (requires a paid subscription to Experts Exchange or answering questions to accumulate points): http://www.experts-exchange.com/Microsoft/Applications/Microsoft_Dynamics/.

This is by no means an exhaustive list and there are other Dynamics GP forums on the internet. Keep in mind that if your issue is urgent, it may be better to contact Microsoft Dynamics GP support or your Dynamics GP partner.

Blogs

Blogs are now a regular part of supporting and maintaining an application and there are quite a number of blogs dedicated to Microsoft Dynamics GP. Some focus on a specific functionality or aspect of Dynamics GP, while others point out other Dynamics GP-related resources and articles. A few representative blogs are listed as follows:

  • Victoria Yudin—Ramblings and musings of a Dynamics GP MVP (yes, this is my blog): http://victoriayudin.com/.
  • Inside Microsoft Dynamics GP (official Dynamics GP blog): http://blogs.msdn.com/b/gp/.
  • David Musgrave—Developing for Dynamics GP: http://blogs.msdn.com/b/developingfordynamicsgp/.
  • Steve Endow and Christina Phillips—Dynamics GP Land: http://dynamicsgpland.blogspot.com/.
  • Leslie Vail—Dynamics Confessor Blogspot: http://dynamicsconfessions.blogspot.com/.
  • Mariano Gomez—The Dynamics GP Blogster: http://dynamicsgpblogster.blogspot.com/.
  • Mark Polino—DynamicAccounting.net: http://mpolino.com/gp/.
  • Frank Hamelly—GP2theMax: http://gp2themax.blogspot.com/.
  • Jan Harrigan—Simplify FRx and Management Reporter: http://www.frxbuzz.com.
  • Jivtesh Singh—About Dynamics, Development and Life: http://www.jivtesh.com/.
  • Vaidy Mohan—Dynamics GP – Learn & Discuss: http://vaidymohan.com/.
  • Ian Grieve—Ramblings of a Dynamics GP Consultant: http://www.azurecurve.co.uk/.

For other Dynamics GP blogs, take a look at the blog links on any of the blogs listed.

Summary

In this article, we discussed various aspects of training your Dynamics GP users and provided some tips on how and when to train. We also went over tools available from Microsoft for Dynamics GP, troubleshooting steps, and listed a number of resources for further Dynamics GP information.

Packt
27 Sep 2013
8 min read

Managing content (Must know)

Getting ready

Content in Edublogs can take many different forms: posts, pages, uploaded media, and embedded media. The first step needs to be developing an understanding of what each of these types of content is, and how they fit into the Edublogs framework.

• Pages: Pages are generally static content, such as an About or a Frequently Asked Questions page.
• Posts: Posts are the content that is continually updated on a blog. When you write an article, it is referred to as a post.
• Media [uploaded]: Edublogs has a media manager that allows you to upload pictures, videos, audio files, and other files that readers would be able to interact with or download.
• Media [embedded]: Embedded media is different from internal media in that it is not stored on your Edublogs account. If you record a video and upload it, the video resides on your website and is considered internal to that website. If you want to add a YouTube video, a Prezi presentation, a slideshow, or any content that actually resides on another website, that is considered embedding.

How to do it...

Posts and pages are very similar. When you click on the Pages link on the left navigation column, if you are just beginning, you will see an empty list or the Sample Page that Edublogs provides. However, this page will show a list of all of the pages that you have written, as shown in the following screenshot:

Click on any column header (Title, Author, Comments, and Date) to sort the pages by that criterion.

A page can be any of several types: Published (anyone can see), Drafts, Private, Password Protected, or in the Trash. You can filter by those pages as well. You will only see the types of pages that you are currently using. For example, in the following screenshot, I have 3 Draft pages. If I had none, Drafts would not show as an option.

When you hover over a page, you are provided with several options, such as Edit, Quick Edit, Trash, and View.

• View: This option shows you the actual live post, the same way that a reader would see it.
• Trash: This deletes the page.
• Edit: This brings you back to the main editing screen, where you can change the actual body of the page.
• Quick Edit: This allows you to change some of the main options of the post: Title, Slug (the end of the URL to access the page), Author, if the page has a parent, and if it should be published. The following screenshot demonstrates these options:

How it works...

Everything above about Pages also applies to Posts. Posts, though, have several additional options. It's also more common to use the additional options to customize Posts than Pages.

Hovering over Posts immediately shows two new links: Categories and Tags. These tools are optional, and serve the dual purpose of aiding the author by providing an organizational structure, and helping the reader to find posts more effectively.

A Category is usually very general; on one of my educational blogs, I limit my categories to a few: technology integration, assessment, pedagogy, and lessons. If I happen to write a post that does not fit, I do not categorize it.

Tags are becoming ubiquitous in many applications and operating systems. They provide an easy way to browse a store of information thematically. On my educational blog, I have over 160 tags. On one post about Facebook's new advertising system, I added the following tags: Digital Literacy, Facebook, Privacy. Utilizing tags can help you to see trends in your writing and makes it much easier for new readers to find posts that interest them, and regular readers to find old posts that they want to re-reference.

Let's take a look at some of the advanced features. When adding or editing a post, the following features are all located on the right-hand side column:

• Publish: The Publish box is necessary any time you want to remove your Post (or Page) from the draft stage, and allow readers to be able to see it. Most new bloggers simply click on Publish/Update when they are done writing a Post, which works fine. It is limited though. People often find that there are certain times of day that result in higher readership. If you click on Edit next to Publish Immediately, you can choose a date and time to schedule the publication. In addition, the Visibility line also allows you to set a Post as private, password protected, or always at the top of the page (if you have a post you particularly want to highlight, for example).
• Format: Most of the time, changing the format is not necessary, particularly if you run a normal, text-driven blog. However, different formats lend themselves to different types of content. For example, if publishing a picture as a Post, as is often done on the microblogging site Tumblr, choosing Image would format the post more effectively.
• Categories: Click on + Add New Category, or check any existing categories to append them to the Post.
• Tags: Type any tags that you want to use, separated by commas (such as writing, blogging, Edublogs).
• Featured Image: Uploading and choosing a featured image adds a thumbnail image, to provide a more engaging browsing experience for the viewer.

All of these features are optional, but they are useful for improving the experience, both for yourself and your readers.

There's more...

For most people, the heart of a blog is the actual writing that they do. Media helps both to make the experience more memorable and engaging and to illustrate a point more effectively than text alone would. Media is anything other than text that a user can interact with; primarily, it is video, audio, or pictures. As teachers know, not everyone learns ideally through a text-based medium; media is an important part of engaging readers just as it is an important part of engaging students.

There are a few ways to get media into your posts. The first is through the Media Library. On a free account, space is limited to 32 MB, a relatively small amount. Pro accounts get 10 GB of space. Click on Media from the navigation menu on the left; it brings up the library. This will have a list of your media, similar to that which is used for Posts and Pages. To add media, simply click on Add New and choose an image, audio file, or video from your computer. This will then be available to any post or page to use. The following screenshot shows the Media Library page:

If you are already in a post, you have even more options. Click on the Add Media button above the text editor, as shown in the following screenshot:

Following are some of the options you have to embed media:

• Insert Media: This allows you to directly upload a file or choose one from the Media Library.
• Create Gallery: Creating a gallery allows you to create a set of images that users can browse through.
• Set Featured Image: As described above, set a thumbnail image representative of the post.
• Insert from URL: This allows you to insert an image by pasting in the direct URL. Make sure you give attribution if you use someone else's image.
• Insert Embed Code: Embed code is extremely helpful. Many sites provide embed code (often referred to as share code) to allow people to post their content on other websites. One of the most common examples is adding a YouTube video to a post. The following screenshot is from the Share menu of a YouTube video. Copying the code provided and pasting it into the Insert Embed Code field will put the YouTube video right in the post, as shown in the following screenshot. This is much more effective than just providing a link, because readers can watch the video without ever having to leave the blog. Embedding is an Edublogs Pro feature only.

Utilizing media effectively can dramatically improve the experience for your readers.

Summary

This article on managing content provided details about managing different types of content, in the form of posts, pages, uploaded media, and embedded media. It taught us the different features such as publish, format, categories, tags, and featured image.

Packt
27 Sep 2013
6 min read

Increasing sales with Brainshark slideshows/documents

How to do it...

The following are best practices that may be used in your own presentations:

• You should follow Guy Kawasaki's 10/20/30 rule. There shouldn't be more than 10 slides/page, an average presentation should last for roughly 20 minutes, and the font size shouldn't be smaller than 30.
• If it makes sense, try to customize the layout of your information from the boring, default point form in order to communicate the message in a better way.
• Include figures instead of statistics when illustrating data, such as a graph or table.
• Keep your audience in mind at all times. Do not clutter your presentation with facts that will not interest them.
• Modify your existing presentations to be Brainshark-friendly, matching slide animations and audio cues properly. There are more tips on how to do this properly in the Synchronizing slide animations to audio recipe.
• When applicable, present the initial sale as a gift rather than a purchase. For instance, "The First Month Is On Us!" as opposed to "Try Us Free For 30 Days".
• If various slides/pages overlap in material or are related, aim to condense them into one. This will retain the focus of your audience by reducing scope.
• If your product has already been tested, aim to include social proof (quotes, references, or statistics based on past customers' usage; typically include real names and occupational positions for reinforced integrity) from past customers.
• Sell benefits to pain points (the pain that your audience is experiencing that your product can help solve), not features. For instance, instead of stating "You can File Your Taxes With Our Software", say "Tired of Filing Your Taxes After an Exhausting Workday? Our Software Does It So You Don't have to!".
• Where content exclusively describes benefits, include a call-to-action (some button or text meant to prompt a user to click it, leading to a sales conversion) link to purchase on every slide/page.
• If there are multiple products/plans, make sure to recommend only one to your audience (but have the others available for those who want them).
• Except for the call-to-action links, aim to minimize website links wherever possible.
• Whenever possible, try to emphasize how/where the product is made, if it can be used to your advantage. For instance, emphasizing that your manufacturing process is environment-friendly to green customers or that your product was made in Canada for a Canadian audience will aid in sales conversions.

How it works...

This section will show why the steps illustrated in the preceding How to do it section are important:

• The 10/20/30 rule ensures that you keep the presentation concise and informative, enforcing information constraints. In addition, the 30 font-size rule ensures that all members of your audience can deal with the visual display of content.
• Sometimes, boring and default layouts can be changed to communicate the topic at hand in a better way. For instance, when information is strictly hierarchical, a flowchart might present the content in a better manner.
• Statistics are best communicated through visualizations. Figures such as tables and graphs allow audiences to parse information faster and with better comprehension of the issues at hand.
• Remember that you should always be selling a product to a particular audience. For instance, if you are selling software to two different audience groups but find that their pain points are different, you should ideally split the presentation into two; one for each group.
• Keep in mind that you will not be presenting personally, so ensure that any audio and visual cues present are properly explained to the audience.
• When presented as a gift, the audience views the initial sale as a window of opportunity instead of a purchase. People are wired to jump at opportunities, leading to impulse purchasing and higher sales.
• There is no need to reiterate information from slide to slide. If there is related material across different slides, readers may need to look back at the previous slides to understand the current one.
• Social proof has been proven to be much more effective than self-promotion. Knowing that a user of a similar demographic used the product successfully aids confidence in the buying decision.
• Pain points communicate much more easily to buyers than features. Knowing what a product can do is not as powerful as knowing what a product can do to solve their problems.
• By consistently reminding the audience about the call-to-action, you will keep them engaged throughout the sales process. In addition, this ensures that the user does not have to go backwards in the presentation to go through the call-to-action prompt.
• People are often indecisive and do not know what is best for them. By recommending a product to begin with, you eliminate this problem, leading to faster decision-making on impulse and sales.
• Your focus is to sell the product, not distract the audience by directing them away from the presentation. By adding miscellaneous links throughout the presentation, people may leave the slideshow to view them, staying on those sites as a result.
• If people realize that the product aligns with their own personal interests, they will be more willing to support it through a purchase.

There's more...

This section will cover details regarding the basic aesthetic appeal tips:

• Outside of images, do not use more than three main colors per presentation.
• Select your animations wisely. Many are tacky and unnecessary.
• Avoid sharp colors.
• Avoid dark backgrounds and distracting objects.
• Ensure that there is sufficient contrast in the text color against the background.
• There shouldn't be more than three font sizes per presentation.
• Any charts, graphs, or tables used must be simple enough for your audience to interpret. On Brainshark, viewers have no one to turn to for their questions in real-time.
• Any call-to-action buttons should aim to have significant contrast and depth differences in comparison to the background for emphasis.
• Ensure that you use sans-serif fonts for readability. Examples include Arial, Calibri, Verdana, or Gill Sans MT. Font to the left is a typical serif font whereas the one to the right is considered sans-serif.
• Apply the 6/6 rule. There shouldn't be more than 6 words per point and 6 points per slide.
• Avoid using clipart.

Summary

In this article you saw how to ergonomically design presentations for sales conversions and also covered details regarding basic aesthetic appeal tips.
Packt
26 Sep 2013
2 min read

Creating Dynamic UI with Android Fragments

Many applications involve several screens of data that a user might want to browse or flip through to view each screen. As an example, think of an application where we list a catalogue of books with each book in the catalogue appearing on a single screen. A book's screen contains an image, title, and description like the following screenshot:

To view each book's information, the user needs to move to each screen. We could put a next button and a previous button on the screen, but a more natural action is for the user to use their thumb or finger to swipe the screen from one edge of the display to the other and have the screen with the next book's information slide into place as represented in the following screenshot:

This creates a very natural navigation experience, and honestly, is a more fun way to navigate through an application than using buttons.

Summary

Fragments are the foundation of modern Android app development, allowing us to display multiple application screens within a single activity. Thanks to the flexibility provided by fragments, we can now incorporate rich navigation into our apps with relative ease. Using these rich navigation capabilities, we're able to create a more dynamic user interface experience that makes our apps more compelling and that users find more fun to work with.

Packt
26 Sep 2013
6 min read

Learning the Bukkit API

Introduction to APIs

API is an acronym for Application Programming Interface. An API helps to control how various software components are used. CraftBukkit includes the Minecraft code in a form that is easier for developers to utilize in creating plugins. CraftBukkit has a lot of code that we do not need to access for creating plugins. It also includes code that we should not use as it could cause the server to become unstable. Bukkit provides us with the classes that we can use to properly modify the game. Basically, Bukkit acts as a bridge between our plugin and the CraftBukkit server.

The Bukkit team adds new classes, methods, and so on, to the API as new features develop in Minecraft, but the preexisting code rarely changes. This ensures that our Bukkit plugins will still function correctly months or even years from now, even though new versions of Minecraft/CraftBukkit are being released. For example, if Minecraft were to change how an entity's health is handled, we would notice no difference. The CraftBukkit jar would account for this change and when our plugin calls the getHealth() method it would function exactly as it had before the update.

Another example of how great the Bukkit API is would be the addition of new Minecraft features, such as new items. Let's say that we've created a plugin that gives food an expiration date. To see if an item is food we'd use the isEdible() method. Minecraft continues to create new items. If one of these new items was Pumpkin Bread, CraftBukkit would flag that type of item as edible and it would therefore be given an expiration date by our plugin. A year from now, any new food items would still be given expiration dates without us needing to change any of our code.

The Bukkit API documentation

Documentation of the Bukkit API can be found at jd.bukkit.org. You will see several links regarding the status of the build (Recommended, Beta, or Development) and the form of the documentation (JavaDocs or Doxygen). If you are new to reading documentation of Java code, you may prefer Doxygen. It includes useful features, such as a search bar and collapsible lists and diagrams. If you are already familiar with reading documentation then you may be more comfortable using the JavaDocs.

In the following screenshot, both API docs are side by side for comparison. The traditional JavaDocs are on the left and the Doxygen documentation is on the right.

The following figure is the inheritance diagram for LivingEntity from the Doxygen site. Take note that on the site you are able to zoom in and click a box to go to that class.

I encourage you to browse through each documentation to decide which one you prefer. They are simply displayed differently. When using the Doxygen API docs, you will have to navigate to the bukkit package to see a list of classes and packages. It can be found by navigating to the following links within the left column: Bukkit | Classes | Class List | org | bukkit, as shown in the following screenshot:

Navigating the Bukkit API Documentation

We can look through this documentation to get a general idea of what we are able to modify on a CraftBukkit server. Server-side plugins are different from client-side mods. We are limited in what we are able to modify in the game using server-side plugins. For example, we cannot create a new type of block but we can make lava blocks rain from the sky. We cannot make zombies look and sound like dinosaurs but we can put a zombie on a leash, change its name to Fido and have it not burn in the daylight. For the most part you cannot change the visual aspect of the game, but you can change how it functions. This ensures that everyone who connects to the server with a standard Minecraft client will have the same experience.

For some more examples of what we can do, we will view various pages of the API docs. You will notice that the classes are organized into several packages. These packages help group similar classes together. For example, a Cow, a Player, and a Zombie are all types of entities and thus can be found in the org.bukkit.entity package. So if I were to say that the World interface can be found at org.bukkit.World then you will know that the World class can be found within the bukkit package, which is inside the org package. Knowing this will help you find the classes that you are looking for. The search bar near the top right corner of the Doxygen site is another way to quickly find a class.

Let's look at the World class and see what it has to offer. The classes are listed in alphabetical order so we will find World near the end of the list within the bukkit package. Once you click on the World class link, all of its methods will be displayed in the main column of the site under the header Public Member Functions as shown in the following screenshot:

A World object is an entire world on your server. By default, a Minecraft server has multiple worlds including the main world, nether, and end. CraftBukkit even allows you to add additional worlds. The methods that are listed in the World class apply to the specific world object. For example, the Bukkit.getWorlds() method will give you a list of all the worlds that are on the server; each one is unique. Therefore if you were to call the getName() method on the first world it may return world while calling the same method on the second world may return world_nether.

Summary

In this article we learnt about what the reader can do by programming plugins. We also learnt the difference between Bukkit and CraftBukkit and how they relate to Minecraft. The acronym API was also explained.