[AI] (Tech Dose of the Day) Ruby on Rails, WIKI, XSS, JSON, Web 2.0, DOJO, Fixed-Bid & Time-and-Materials, CODEC, AJAX, RAID and much much more!

vishnu ramchandani vishnuhappy at yahoo.com
Tue Jan 29 23:23:20 EST 2008

Tech Dose of the Day

Ruby on Rails, WIKI, XSS, JSON, Web
2.0, DOJO, Fixed-Bid &
Time-and-Materials, CODEC, AJAX, RAID, etc.

Contributed by M&E (Media & Entertainment Delivery)
Group (MphasiS Software Services)

Ruby on Rails  
What is Ruby on Rails ? 
Ruby on Rails is a free web application framework that
aims to increase the speed and ease with which
database-driven web sites can be created and offers
skeleton code frameworks (scaffolding) from the
outset. Often shortened to Rails, or RoR, Ruby on
Rails is an open source project written in the Ruby
programming language, and applications using the Rails
framework are developed using the
Model-View-Controller architecture.
 What is its significance and technicalities? 
Ruby on Rails led the charge among next-generation web
application frameworks, popularizing features that are
now considered standard, such as scaffolding,
object-relational mapping and simple installation.
Other projects such as Django and TurboGears followed
The fundamental Ruby on Rails principles include
Convention over Configuration (CoC) and Don't repeat
yourself (DRY).
Convention over Configuration means a developer only
needs to specify unconventional aspects of the
application. For example, if there's a class Sale in
the model, the corresponding table in the database is
called sales by default. It is only if one deviates
from this convention, such as calling the table
"products_sold", that one needs to write code
regarding these names.
Don't repeat yourself means that information is
located in a single, unambiguous place. For example,
using ActiveRecord, the developer does not need to
specify database column names in class definitions.
Instead, Ruby can retrieve this information from the
Because of these defaults, Rails is often referred to
as "opinionated software", which has been a point of
contention for many critics of Rails. 
Like many contemporary web frameworks, Rails uses the
Model-View-Controller (MVC) architecture for
organising application programming. Rails provides
'out of the box' scaffolding which can quickly
construct most of the models and views needed for a
basic website. Other helpful development tools come
with or are installed with Rails, such as the WEBrick
web server, and the Rake build system. Rails is also
noteworthy for its extensive use of the JavaScript
libraries Prototype and Script.aculo.us for Ajax and
its graphical interface. For web services Rails
initially supported lightweight SOAP; later it was
replaced by RESTful web services. The recommended
REST-based programming structure changes drastically in
version 1.2.
Some of the projects using Rails -
• Basecamp – online project management 
• BBC Programme Catalogue – video and audio archives
from BBC television and radio 
• Blurb.com – personal book publishing 
• ChaCha.com - a human-powered search engine 
• Justin.tv - A live video streaming platform 
• OpenCongress – Aggregated news and official data
about the US Congress 
• Penny Arcade – gamer-humor webcomic 
• Revolution Health – a health portal 
• Twitter – micro-blogging service 
• yellowpages.com – US telephone directory

What is WIKI ? 
A wiki is a medium which can be edited by anyone with
access to it, and provides an easy method for linking
from one page to another. Wikis are typically
collaborative websites, though there are now also
single-user offline implementations. Ward Cunningham,
developer of the first wiki, WikiWikiWeb, originally
described it as "the simplest online database that
could possibly work". One of the best-known wikis is
A wiki enables documents to be written
collaboratively, in a simple markup language using a
web browser. A single page in a wiki is referred to as
a "wiki page", while the entire body of pages, which
are usually highly interconnected via hyperlinks, is
"the wiki". A wiki is essentially a database for
creating, browsing and searching information.
A defining characteristic of wiki technology is the
ease with which pages can be created and updated.
Generally, there is no review before modifications are
accepted. Many wikis are open to the general public
without the need to register any user account.
Sometimes session log-in is requested to acquire a
"wiki-signature" cookie for autosigning edits. Many
edits, however, can be made in real-time, and appear
almost instantaneously online. This can lead to abuse
of the system. Private wiki servers require user
authentication to edit, sometimes even to read pages.
 What is its usefulness?
Why wiki? Well.. Some of the innumerable reasons -
• Creating a knowledge base on a specific topic. 
• Writing documentation or a FAQ. 
• Collaborative writing. 
• Product reviews and comparisons. 
• Creating how-tos. 
• Developing new languages and dictionaries. 
• Sharing tips and advice. 
• Discussion of theories. 
• Communication between and within communities. 
• Creating an easily searchable, linkable, and
editable website.

What is XSS ? 
Cross-site scripting (XSS) is a type of computer
security vulnerability typically found in web
applications which allow code injection by malicious
web users into the web pages viewed by other users.
Examples of such code include HTML code and
client-side scripts. An exploited cross-site scripting
vulnerability can be used by attackers to bypass
access controls such as the same origin policy.
Vulnerabilities of this kind have been exploited to
craft powerful phishing attacks and browser exploits.
When Netscape first introduced the JavaScript
language, they realized the security risks of allowing
a Web server to send executable code to a browser
(even if only in a browser sandbox). One key problem
with this is the case where users have more than one
browser window open at once. In some instances, a
script from one page should be allowed to access data
from another page or object, but in others, this
should be strictly forbidden, as a malicious Web site
could attempt to steal sensitive information this way.
In order to fix this problem, browsers introduced the
same origin policy. Essentially, this policy allows
any interaction between objects and pages that
originated from the same domain and over the same
protocol. That way, a malicious Web site would not be
able to access sensitive data in another browser
window via JavaScript.
Since then, other similar access-control policies have
been adopted in other browsers and client-side
scripting languages to protect users from malicious
Web sites. In general, cross-site scripting holes can
be seen as vulnerabilities present in web pages which
allow attackers to bypass these mechanisms. By finding
clever ways of injecting malicious script into pages
served by other domains, an attacker can gain elevated
access privileges to sensitive page content, session
cookies, and a variety of other objects.
How can this be mitigated? 
• Encode all HTML special characters in potentially
malicious data. 
• Validate all potentially malicious input data.
• If your web app can operate completely without
client-side scripts, so much the better.
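
The first two mitigations above, shown side by side with the unsafe pattern they replace. This is an added example, not code from the original post; the function names, the display-name rule and the sample comments are assumptions made for illustration.

```javascript
// Characters that change meaning in HTML text and in quoted attribute values.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Output encoding: neutralise untrusted data before it is placed in
// element content or inside a quoted attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Input validation: allowlist for a field with a known shape.
// Hypothetical rule: 1-32 letters, digits, spaces, dots, underscores, hyphens.
function isValidDisplayName(name) {
  return typeof name === 'string' && /^[A-Za-z0-9 ._-]{1,32}$/.test(name);
}

// "Before": untrusted fields concatenated straight into markup, so the
// browser parses whatever the submitter typed as part of the page.
function renderCommentUnsafe(comment) {
  return '<div class="comment" title="' + comment.author + '">' +
    comment.body + '</div>';
}

// "After": reject values that fail validation, and encode everything on
// output regardless of whether it passed validation.
function renderCommentSafe(comment) {
  const author = isValidDisplayName(comment.author) ? comment.author : 'anonymous';
  return '<div class="comment" title="' + escapeHtml(author) + '">' +
    escapeHtml(comment.body) + '</div>';
}

// Constructed sample input: one ordinary comment, one carrying markup in
// both the attribute-bound field and the body.
const SAMPLE_COMMENTS = [
  { author: 'alice', body: 'RAID-5 needs at least three disks & a controller.' },
  { author: 'bob" onmouseover="alert(1)', body: '<script>alert(1)</script>' },
];

for (const comment of SAMPLE_COMMENTS) {
  console.log('unsafe:', renderCommentUnsafe(comment));
  console.log('safe:  ', renderCommentSafe(comment));
}
```

Encoding is applied at output time rather than when the data is stored, so the stored value stays intact and the same record can be encoded differently for other contexts.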

What is JSON ? 
JSON (JavaScript Object Notation) (Pronounced like
Jason) is a lightweight computer data interchange
format. It is a text-based, human-readable format for
representing simple data structures and associative
arrays (called objects). The official Internet media
type for JSON is "application/json". The JSON format
is often used for transmitting structured data over a
network connection in a process called serialization.
Its main application is in Ajax web application
programming, where it serves as an alternative to the
traditional use of the XML format.
Although JSON was based on a subset of the JavaScript
programming language, and is commonly used with that
language, it is considered to be a
language-independent data format. Code for parsing and
generating JSON data is readily available for a large
variety of programming languages. The 
provides a comprehensive listing of existing JSON
bindings, organized by language.
What is its usefulness?
• Simplicity - JSON has a small grammar and maps more
directly into the data structures used in modern
programming languages. 
• Self describing - JSON is human readable, and the
data is self-describing in nature. 
• Extensibility - JSON is not extensible, as it does
not need to be. JSON is not a Document Markup Language
(like HTML / XML), and so it is not necessary to
define new tags or attributes to represent data in it.

• Interoperability - JSON has the same
interoperability potential as XML. 
• Openness - JSON is as open as XML; perhaps more so
'cos it's not in the center of corporate/political
standardization struggles.

Web 2.0  
What is Web 2.0? 
Web 2.0 refers to a perceived second generation of
web-based communities and hosted services — such as
social-networking sites, wikis and folksonomies —
which aim to facilitate collaboration and sharing
between users. The term became popular following the
first O'Reilly Media Web 2.0 conference in 2004.
Although the term suggests a new version of the World
Wide Web, it does not refer to an update to any
technical specifications, but to changes in the ways
software developers and end-users use the web.
According to Tim O'Reilly, "Web 2.0 is the business
revolution in the computer industry caused by the move
to the internet as platform, and an attempt to
understand the rules for success on that new
In alluding to the version-numbers that commonly
designate software upgrades, the phrase "Web 2.0"
hints at an improved form of the World Wide Web.
Technologies such as weblogs, social bookmarking,
wikis, podcasts, RSS feeds (and other forms of
many-to-many publishing), social software, web
application programming interfaces (APIs), and online
web services such as eBay and Gmail provide a
significant enhancement over read-only websites.
Stephen Fry (actor, author and broadcaster) describes
Web 2.0 as "an idea in people’s heads rather than a
reality. It’s actually an idea that the reciprocity
between the user and the provider is what’s
emphasized. In other words, genuine interactivity if
you like, simply because people can upload as well as
Web 2.0 websites typically include some of these
• Rich Internet application techniques, often
• Semantically valid XHTML and HTML markup. 
• Microformats enriching pages with additional
• Folksonomies (in the form of tags or tagclouds, for
• Cascading Style Sheets to separate presentation from
• REST and/or XML- and/or JSON-based APIs. 
• Syndication, aggregation and notification of data in
RSS or Atom feeds. 
• Mashups, merging content from different sources,
client- and server-side. 
• Weblog publishing tools. 
• Wiki or forum software, etc., to support user
generated content. 
• OpenID for transferrable user identity. 
• Use of Open source software, such as the LAMP stack.
What is its usefulness?
Web Based Applications and Desktops The richer
user-experience afforded by Ajax has prompted the
development of websites that mimic personal computer
applications, such as word processing, the
spreadsheet, and slide-show presentation. WYSIWYG wiki
sites replicate many features of PC authoring
applications. Still other sites perform collaboration
and project management functions. In 2006 Google, Inc.
acquired one of the best-known sites of this broad
class, Writely. Several browser-based "operating
systems" or "online desktops" have also appeared. They
essentially function as application platforms, not as
operating systems per se. These services mimic the
user experience of desktop operating-systems, offering
features and applications similar to a PC environment.
They have as their distinguishing characteristic the
ability to run within any modern browser.
Rich Internet Applications:-
Recently, many rich-Internet application techniques
such as Ajax, Adobe Flash, Flex, Nexaweb, OpenLaszlo
and Silverlight have evolved that can improve the
user-experience in browser-based applications. These
technologies allow a web-page to request an update for
some part of its content, and to alter that part in
the browser, without needing to refresh the whole page
at the same time.
XML and RSS:-
Advocates of Web 2.0 may regard syndication of site
content as a Web 2.0 feature, which permits end-users
to make use of a site's data in another context (such
as another website, a browser plugin, or a separate
desktop application). Protocols which permit
syndication include RSS (Really Simple Syndication —
also known as "web syndication"), RDF (as in RSS 1.1),
and Atom, all of them XML-based formats. Observers
have started to refer to these technologies as "Web
feed" as the usability of Web 2.0 evolves and the more
user-friendly Feeds icon supplants the RSS icon.

What is DOJO?
The Dojo toolkit is a modular open source JavaScript
toolkit (or library), designed to ease the rapid
development of JavaScript- or Ajax-based applications
and web sites. Dojo is a small, tight toolkit whose
performance alone makes it an ideal platform to extend
and build on.
What is its usefulness?
From pane-based layouts to client-side charting &
graphing to data binding to a time-tested module
system, Dojo is solid infrastructure for delivering
great experiences. Everything is customizable easily
with CSS, but very little needs to be tweaked to get a
great experience, not only to users, but also to
designers and developers.
Object Oriented Class Helpers - JavaScript uses
prototype-based, not class-based, object orientation
natively.  Dojo essentially builds a class system on
top, adding great features like inheritance,
encapsulation, mixing classes, and more.  This will
make Java and C# programmers feel at home, and help
build solid Enterprise-level applications. Following
are a few of many -
• Dojo.data - The Data module is an abstraction layer
that makes gathering data from outside sources
consistent.  Reading from a database or web service
uses the same base calls.  You can write pluggable
data modules for your own sources.
• XHR (Ajax) - Dojo adds a nice wrapper around native
XmlHttpRequest services.  Often you can boil an XHR
message-pass with one function call.  The data is
given to you in text, XML, or in a JavaScript object
via JSON.
• Drag and Drop - Often the bane of DHTML
applications, drag and drop services are essential for
easy user interaction.  Dojo's DnD layer is fast,
cross-platform, and very straightforward.
• Dojo.query - Finding and manipulating HTML fragments
is difficult.  But dojo.query makes it as easy as
CSS.  You can write sophisticated selectors, and then
apply an operation to all of them in one step.
• Back button handling - dojo.back saves your
application from nervous users trying to use the Back
button. One-page apps can destroy data at one touch of
the back button. dojo.back alters the behavior of Back
to make it less likely.

Fixed-Bid & Time-and-Materials  
What is Fixed-Bid & Time-and-Materials? 
There are essentially two types of billing for
contract work:  Fixed-Bid or Time-and-Materials. 
A Fixed Bid contract is just like it sounds.  You bid
that you can do a defined set of work for a fixed
amount of money.
A Time & Materials contract is similar to being an
hourly employee, at least in that you are paid a set
rate for the actual hours that you worked, and you may
be reimbursed for specific expenses such as hardware
that you purchase for the company.
You don't work, you don't get paid.
What are its pros and cons? 
In Fixed-Bid projects, if you are more efficient at
doing the work, you make more money per hour of work
done.  If you are inefficient, or worse, overlooked
something about the project (or you allowed
scope-creep), you can spend a lot of time and end up
bringing your effective rate per hour way down,
possibly even losing money on the project if you
really blow it.
In T&M, if you are efficient, you might make less
money overall, but if scope-creep enters in, you still
get paid for all of your work.

What is Codec? 
A codec is a device or program capable of performing
encoding and decoding on a digital data stream or
signal. The word codec may be a combination of any of
the following: 'Compressor-Decompressor',
'Coder-Decoder', or 'Compression/Decompression
Audio Codec:-
An audio codec is a computer program that
compresses/decompresses digital audio data according
to a given audio file format or streaming audio
format. Most codecs are implemented as libraries which
interface to one or more multimedia players, such as
XMMS, Winamp or Windows Media Player.
In some contexts, the term "audio codec" can refer to
a hardware implementation or sound card. When used in
this manner, the phrase audio codec refers to the
device encoding an analog audio signal to a digital
audio signal, or decoding an analog audio signal from
a digital audio signal. Thus, in such a context, the
term is actually referring to a combined audio AD/DA
converter. One example is Intel Corporation's AC'97
standard, which comprises a digital controller paired
with an analog unit.   
Video Codec:-
A video codec is a device or software that enables
video compression and/or decompression for digital
video. The compression usually employs lossy data
compression. Historically, video was stored as an
analog signal on magnetic tape. Around the time when
the compact disc entered the market as a
digital-format replacement for analog audio, it became
feasible to also begin storing and using video in
digital form, and a variety of such technologies began
to emerge.
Audio and video call for customized methods of
compression. Engineers and mathematicians have tried a
number of solutions for tackling this problem.
There is a complex balance between the video quality,
the quantity of the data needed to represent it, also
known as the bit rate, the complexity of the encoding
and decoding algorithms, robustness to data losses and
errors, ease of editing, random access, the state of
the art of compression algorithm design, end-to-end
delay, and a number of other factors.
What is its usefulness?
In daily life, digital video codecs are found in DVD
(MPEG-2), VCD (MPEG-1), in emerging satellite and
terrestrial broadcast systems, and on the Internet.
Online video material is encoded in a variety of
codecs, and this has led to the availability of codec
packs - a pre-assembled set of commonly used codecs
combined with an installer available as a software
package for PCs.
Encoding media by the public has seen an upsurge with
the availability of DVD-writers. Since commercially
available DVDs are usually dual-layer, and hence
bigger than the more common single layer writable
DVDs, it is often the case that the material has to be
compressed again, sacrificing quality so that the
media will fit onto a single disc.

What is AJAX? 
Ajax, or AJAX, is a web development technique used for
creating interactive web applications. The intent is
to make web pages feel more responsive by exchanging
small amounts of data with the server behind the
scenes, so that the entire web page does not have to
be reloaded each time the user requests a change. This
is intended to increase the web page's interactivity,
speed, functionality, and usability.
AJAX stands for Asynchronous Javascript And XML. Ajax
is asynchronous in that XML data loading does not
interfere with normal HTML and JavaScript page
loading. JavaScript is the programming language in
which Ajax function calls are made. Data retrieved
using the technique is commonly formatted using XML,
as reflected in the naming of the XMLHttpRequest
object from which Ajax is derived.
Ajax is a cross-platform technique usable on many
different operating systems, computer architectures,
and Web browsers as it is based on open standards such
as JavaScript and XML, together with open source
implementations of other required technologies.
What is its usefulness?
Bandwidth usage:-
By generating the HTML locally within the browser, and
only bringing down JavaScript calls and the actual
data, Ajax web pages can appear to load relatively
quickly since the payload coming down is much smaller
in size, and the rest of the layout does not have to
be redrawn on each update. An example of this
technique is a large result set where multiple pages
of data exist. With Ajax, the HTML of the page (e.g.,
a table structure with related TD and TR tags) can be
produced locally in the browser and not brought down
with the first page of the document. In addition to
"load on demand" of contents, some web-based
applications load stubs of event handlers and then
load the functions on the fly. This technique
significantly cuts down the bandwidth consumption for
web applications.
Separation of data, format, style, and function:-
A less specific benefit of the Ajax approach is that
it tends to encourage programmers to clearly separate
the methods and formats used for the different aspects
of information delivery via the web. Although Ajax can
appear to be a jumble of languages and techniques, and
programmers are free to adopt and adapt whatever works
for them, they are generally propelled by the
development motive itself to adopt separation among
the following:
1. Raw data or content to be delivered, which is
normally embedded in XML and sometimes derived from a
server-side database. 
2. Format or structure of the webpage, which is almost
always built in HTML or XHTML and is then reflected
and made available to dynamic manipulation in the DOM.

3. Style elements of the webpage: everything from
fonts to picture placement are derived by reference to
embedded or referenced CSS.  
4. Functionality of the webpage, which is provided by
a combination of:  
1. Javascript on the client browser (also called
2. Standard HTTP and XMLHttp or client-to-server
communication, and  
3. Server-side scripting and/or programs using any
suitable language preferred by the programmer to
receive the client's specific requests and respond

What is RSS?
"RSS" refers to - Really Simple Syndication (or) RDF
Site Summary (or) Rich Site Summary.
RSS is a family of Web feed formats used to publish
frequently updated content such as blog entries, news
headlines etc. An RSS document, which is called a
"feed", "web feed", or "channel", contains either a
summary of content from an associated web site or the
full text.
RSS formats are specified using XML, a generic
specification for the creation of data formats.
RSS content can be read using software called a "feed
reader" or an "aggregator." The user subscribes to a
feed by entering the feed's link into the reader or by
clicking an RSS icon in a browser that initiates the
subscription process. The reader checks the user's
subscribed feeds regularly for new content,
downloading any updates that it finds.
What is its usefulness?
RSS makes it possible for people to keep up with their
favorite web sites in an automated manner, that's
easier than checking them manually. It's not just for
news, but pretty much anything that can be broken down
into discrete items can be syndicated via RSS: the
"recent changes" page of a wiki, a changelog of CVS
checkins, even the revision history of a book. Once
information about each item is in RSS format, an
RSS-aware program can check the feed for changes and
react to the changes in an appropriate way.
RSS solves a problem for people who regularly use the
web. It allows you to easily stay informed by
retrieving the latest content from the sites you are
interested in. You save time by not needing to visit
each site individually, and you ensure your privacy,
by not needing to join each site's email newsletter. 


What is RAID? 
RAID (Redundant Array of Independent Disks; originally
Redundant Array of Inexpensive Disks) is a way of
storing the same data in different places (thus,
redundantly) on multiple hard disks.  
What is its usefulness?
By placing data on multiple disks, I/O (input/output)
operations can overlap in a balanced way, improving
performance. Since multiple disks increase the mean
time between failures (MTBF), storing data redundantly
also increases fault tolerance. A RAID appears to the
operating system to be a single logical hard disk.
RAID employs the technique of disk striping, which
involves partitioning each drive's storage space into
units ranging from a sector (512 bytes) up to several
megabytes. The stripes of all the disks are
interleaved and addressed in order.
In a single-user system where large records, such as
medical or other scientific images, are stored, the
stripes are typically set up to be small (perhaps 512
bytes) so that a single record spans all disks and can
be accessed quickly by reading all disks at the same
In a multi-user system, better performance requires
establishing a stripe wide enough to hold the typical
or maximum size record. This allows overlapped disk
I/O across drives.
What are the types of RAID?
There are at least nine types of RAID plus a
non-redundant array (RAID-0): 
• RAID-0: This technique has striping but no
redundancy of data. It offers the best performance but
no fault-tolerance. 
• RAID-1: This type is also known as disk mirroring
and consists of at least two drives that duplicate the
storage of data. There is no striping. Read
performance is improved since either disk can be read
at the same time. Write performance is the same as for
single disk storage. RAID-1 provides the best
performance and the best fault-tolerance in a
multi-user system. 
• RAID-2: This type uses striping across disks with
some disks storing error checking and correcting (ECC)
information. It has no advantage over RAID-3.

• RAID-3: This type uses striping and dedicates one
drive to storing parity information. The embedded
error checking (ECC) information is used to detect
errors. Data recovery is accomplished by calculating
the exclusive OR (XOR) of the information recorded on
the other drives. Since an I/O operation addresses all
drives at the same time, RAID-3 cannot overlap I/O.
For this reason, RAID-3 is best for single-user
systems with long record applications. 
• RAID-4: This type uses large stripes, which means
you can read records from any single drive. This
allows you to take advantage of overlapped I/O for
read operations. Since all write operations have to
update the parity drive, no I/O overlapping is
possible. RAID-4 offers no advantage over RAID-5. 
• RAID-5: This type includes a rotating parity array,
thus addressing the write limitation in RAID-4. Thus,
all read and write operations can be overlapped.
RAID-5 stores parity information but not redundant
data (but parity information can be used to
reconstruct data). RAID-5 requires at least three and
usually five disks for the array. It's best for
multi-user systems in which performance is not
critical or which do few write operations. 
• RAID-6: This type is similar to RAID-5 but includes
a second parity scheme that is distributed across
different drives and thus offers extremely high fault-
and drive-failure tolerance. 
• RAID-7: This type includes a real-time embedded
operating system as a controller, caching via a
high-speed bus, and other characteristics of a
stand-alone computer. One vendor offers this system. 
• RAID-10: Combining RAID-0 and RAID-1 is often
referred to as RAID-10, which offers higher
performance than RAID-1 but at much higher cost. There
are two subtypes: In RAID-0+1, data is organized as
stripes across multiple disks, and then the striped
disk sets are mirrored. In RAID-1+0, the data is
mirrored and the mirrors are striped. 
• RAID-50 (or RAID-5+0): This type consists of a
series of RAID-5 groups and striped in RAID-0 fashion
to improve RAID-5 performance without reducing data
• RAID-53 (or RAID-5+3): This type uses striping (in
RAID-0 style) for RAID-3's virtual disk blocks. This
offers higher performance than RAID-3 but at much
higher cost. 
• RAID-S (also known as Parity RAID): This is an
alternate, proprietary method for striped parity RAID
from EMC Symmetrix that is no longer in use on current
equipment. It appears to be similar to RAID-5 with
some performance enhancements as well as the
enhancements that come from having a high-speed disk
cache on the disk array.
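
The XOR recovery described for the parity levels above, worked through on a small array with a dedicated parity drive (the RAID-3/RAID-4 layout; RAID-5 uses the same XOR but rotates which drive holds it). This is an added example, not part of the original post; the function names, the drive count, the stripe unit and the sample record are assumptions made for illustration.

```javascript
// XOR equal-length blocks byte by byte. The XOR of all data blocks is the
// parity block; the XOR of the survivors is the missing block.
function xorBlocks(blocks) {
  const out = new Uint8Array(blocks[0].length);
  for (const block of blocks) {
    if (block.length !== out.length) throw new Error('blocks must be equal length');
    for (let i = 0; i < out.length; i++) out[i] ^= block[i];
  }
  return out;
}

// Stripe `data` across `dataDisks` drives in units of `stripeUnit` bytes and
// append one dedicated parity drive as the last element.
function buildArray(data, dataDisks, stripeUnit) {
  const stripeBytes = dataDisks * stripeUnit;
  const stripes = Math.ceil(data.length / stripeBytes);
  const disks = [];
  for (let d = 0; d < dataDisks; d++) disks.push(new Uint8Array(stripes * stripeUnit));
  for (let i = 0; i < data.length; i++) {
    const stripe = Math.floor(i / stripeBytes);
    const within = i % stripeBytes;
    disks[Math.floor(within / stripeUnit)][stripe * stripeUnit + (within % stripeUnit)] = data[i];
  }
  disks.push(xorBlocks(disks)); // parity drive
  return disks;
}

// Rebuild the one failed drive (marked null) from the surviving drives.
// Single parity cannot recover from two simultaneous failures.
function rebuildArray(disks) {
  const failed = disks.map((d, i) => (d === null ? i : -1)).filter((i) => i >= 0);
  if (failed.length === 0) return disks;
  if (failed.length > 1) {
    throw new Error('single parity cannot rebuild ' + failed.length + ' failed drives');
  }
  const rebuilt = disks.slice();
  rebuilt[failed[0]] = xorBlocks(disks.filter((d) => d !== null));
  return rebuilt;
}

// Read the striped data back in its original order.
function readData(disks, dataDisks, stripeUnit, length) {
  const stripeBytes = dataDisks * stripeUnit;
  const out = new Uint8Array(length);
  for (let i = 0; i < length; i++) {
    const stripe = Math.floor(i / stripeBytes);
    const within = i % stripeBytes;
    out[i] = disks[Math.floor(within / stripeUnit)][stripe * stripeUnit + (within % stripeUnit)];
  }
  return out;
}

// Constructed sample record (ASCII only).
const SAMPLE_RECORD = 'constructed sample record for the parity demo';

// Write the record to 3 data drives + 1 parity drive, fail the listed
// drives, rebuild, and return what is read back.
function demoRecovery(failedIndexes) {
  const data = Uint8Array.from(SAMPLE_RECORD, (c) => c.charCodeAt(0));
  const disks = buildArray(data, 3, 4);
  for (const index of failedIndexes) disks[index] = null;
  const rebuilt = rebuildArray(disks);
  return String.fromCharCode(...readData(rebuilt, 3, 4, data.length));
}

console.log(demoRecovery([1]));
```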

More information about the AccessIndia mailing list