Monthly Archive for November, 2007

Successful IT for farmers

on 2007 November 13
in Soft Hacks
. Comments

A few days ago, the Philippine Daily Inquirer posted a report on the province of Quezon’s IT program for its farmers.  Here is an excerpt of the articles from [1]:

Quezon farmers, entrepreneurs sell more by going online
By Myrna Rodriguez-Co

MANILA, Philippines — In Quezon Province, the farmers and entrepreneurs have begun selling their produce and goods in the Internet. They do this through the province’s “E-commerce for Farmers” project.

quezon-products

The work by the Ateneo’s 4f group (I do not know who they are) is very laudable in terms of effectively using technology. For example, if you go to the product list of Quezon’s various produce, small and medium community enterprises like “Zenaida’s Store”, post their unique product. The culture of using the Internet for commerce has deeply penetrate in the minds of their constituent entrepeneurs. In terms of usability standards, the presentation of the website appealed to them. It does not employ sophisticated online merchant tools like Paypal and using credit cards for purchases. The project does not need to yet. When you perform a query for more information about an Uraro (type of Philippine cookie) supplier, you will obtain basic company contact details such as email, mobile phone number and address. Through this the testimonies of the users in the articles was that they were able to get contacts outside of their local networks. This provided an opportunity for Quezon citizens to expand their market.

Lucena Grocer

Dr. Greg Tangonan’s [2] keeps stressing that it is not important to be able to use and achieve the bleeding edge technologies. What matters more is how you engage it to the community that has the greatest need and transform it into a multi-billion dollar industry! The government can already claim success by sparking a paradigm shift in the province of Quezon about IT. Although the report also states reluctance from common Internet phobias such as online theft of money and information the momentum is there for a complete change in our method of conducting agriculture in the country.

To explore around with the security concerts reported in the article, I went to the Lucena Grocer Online. The design of the site was for government staff in Lucena to be able to purchase their groceries online. I can only speculate with the purchase process. Government staff probably requests a list of orders using their accounts and clicks on a “Purchase” button. Then at the end of the day, they will receive their groceries at the exit counter of their offices. The amount they spent on groceries are probably deducted automatically from their grocery allowance or salaries. An ad about the Lucena grocer is display in the upper-right hand corner of the Quezon products list page. This model was probably released first for internal use and then made public because of a press release. To confirm my assumptions, I created an account and bought a bottle of UFC banana ketchup for Php 12.50. Upon signing, up they only prompted me for contact information such as address, email and phone number. The system did not ask any merchant account information. Therefore the site was indeed designed for the internal use of the employees. So a good security question is why did they released it in public? An answer can be found when the system emailed my about my order of ketchup:

Hello,

Please be informed that Lucena Online Grocer is real-time online
grocery system which is under process of ownership and management
transfer.  Getting orders are on hold until further notice. Please be
also informed that we collect information from you (like your IP
address).  Thank you so much for your interest with our service.

O. C. (Lucena Grocer)

On Nov 11, 2007 2:48 AM, xxxxxxx wrote:
>
>
> Total Amount of Order: P 12.50
>  Telephone: Cellphone Number:
>
> Qty
> Brand / Description
>
> Unit Price
>
> Sub Total
>
> 1   UFC Banana Catsup 320mL.
>  12.50
>  12.50

Apparently they are pushing the web application for public use. They still have a lot to fix before going completely public. The most disturbing security hole in the merchant application is that the website does not use a secure channel for its transactions. In the URL you can see that the web page uses the standard “http” protocol and not through an SSL layer reflected by an “https” in the address bar of the browser. So to the system administrator of the Quezon government’s e-commerce office, please try to secure your web applications as soon as possible! Your citizen’s internet security concerns is apparently true and not simple common misconceptions.

[1] http://newsinfo.inquirer.net/breakingnews/infotech/view_article.php?article_id=100125
[2] Dr. Tangonan is a Professor in the Electronics, Computer and Communications Engineering Department of Ateneo de Manila Universit

links for 2007-11-13

on 2007 November 13
in Bookmarks
. Comments
  • Operating System Concepts
    (tags: books os teaching)
  • MIT OpenCourseWare | Electrical Engineering and Computer Science | 6.013 Electromagnetics and Applications, Fall 2005 | Videos
    (tags: electromagnetics teaching physics)

    • links for 2007-11-10

    on 2007 November 10
    in Bookmarks
    . Comments
  • ICT Asia France - ICT-Asia Seminar: Taipei 2007
    Organized by the French Institute in Taipei, the fifth regional ICT-Asia seminar will take place in Taipei at the Academia Sinica from 19 to 21 November 2007
    (tags: conference research seminar)
  • 2007 International Graduate Program - TIT.Eng
    (tags: gradschool titech)

    • links for 2007-11-09

    on 2007 November 9
    in Bookmarks
    . Comments

    My Vi-based tools

    on 2007 November 8
    in Soft Hacks
    . Comments

    Ever since I conquered the steep learning curve of the mode-based text-editing of vi (pronounced vee-eye), there is no other text editor for me. It completely binds my hands on the keyboard without the need to use the most (almost!). For those who are not yet into the religious practice of advocating text-editors, here is a short description of vi from Wikipedia:

    vi is a screen-oriented text editor written by Bill Joy in 1976 for an early BSD release.

    The name vi is derived from the shortest unambiguous abbreviation for the command visual in ex; the command in question switches the line editor ex to visual mode. The name vi is pronounced /vee-eye/,[1] though other pronunciations such as /vaɪ/ are also used.

    vi is generally understood to be a modal editor: it operates in either insert mode (where typed text becomes part of the document) or command mode (where keystrokes are interpreted as commands that control the edit session). Typing ‘i’ while in command mode switches the editor to insert mode. Typing ‘i’ again at this point places an ‘i’ character in the document. How the ‘i’ keystroke is processed depends on the editor mode. (From insert mode, pressing the escape key switches the editor back to command mode.)

    vi can process compound commands that embed text for insertion in the document. For example, the command:
    20i Hello world!
    would insert 20 lines in the document with the text ‘Hello world!’. Rather than grapple with the notion of two mode switches while executing this command, some users view vi as a stateful filter. After processing the third character, vi changes state and begins processing input as text to be added to the file. On processing the escape, vi returns to the state in which it is ready to receive a new command.

    Whether viewed as modal or stateful, vi’s processing of the same keystroke in different ways depending on the history of the edit session distinguishes it from editors which are generally considered non-modal.

    An advantage of a modal editor is that the use of keyboard chords (multiple keys pressed simultaneously, typically a modifier plus a letter key) is reduced or eliminated. Instead, in command mode, single keystrokes serve as commands. This results in the user’s hands not having to take up awkward positions, which some find results in faster work.

    I mostly use ViM (Vi Improved), one of the most successful implementations of vi as my default text editor. Version 7 has new features that I have not yet explored such as tabbed buffers, spell check. I am currently reading Hacking Vim: A Cookbook to get the Most out of the Latest Vim Editor to get a deeper understanding of the text editor such as using Vimdiff and integrating tools such as subversion.

    Of course it is inevitable that you have to go outside of the text editor such as web browsing (the normal way), programming using big IDEs, etc. For this I have my personal list of Vi plugin implementations:

    • VIMperator is a browser-addon for Firefox, which makes it look and behave like the ViM text editor. It has similar key bindings, and you could call it a modal web browser, as key bindings differ according to which mode you are in.  The shortcuts are very convenient specially if you are cycling through a couple of web pages.  For example 5gt will focus on the fifth tab window in the browser. 20G will jump to line 20 of the web page.  A noticable difference in using the plugin was that all pop-up windows are now opened as tabs.
    • It’s All Text! enables Firefox to edit textareas in an external editor.  Just simply right-click on the text area and select “It’s All Text!”.  Then I configured the plugin to use ViM as the text editor.
    • viPlugin adds vi(m) functionality as a layer on top of an open editor (e.g. CDT, RDT, Aptana, JDT, etc.)

    Below is an overview screenshot of the above vi-related tools:

    vi-enabled tools