Student Blog

Blockchain Technology: Discussing Security (51% Attack)

The Blockchain is a peer-to-peer network consisting of interconnected nodes (users). As a peer-to-peer network, each participating node on the Blockchain is an equipotent participant holding a complete copy of an immutable ledger (block). The blockchain’s block is a data structure used to keep track of transactions performed on the network. Since all nodes must reference all transactions and have equal privileges on the network, transactions are committed based on a consensus algorithm.

The integrity and potency of the blockchain network lie in its ability to maintain an unbiased immutable ledger throughout the network. The consensus algorithm designed to manage the creation of a block (committing a transaction) must ensure that no block is illegally added. 

Like any other computer network, the Blockchain is prone to security attacks. A major threat to the network will result from an attacker controlling a node or nodes with higher privileges than other nodes. To keep the Blockchain secure, blockchain security is based on principles such as consensus, decentralization, cryptography, and hashing.

Cryptography is the utilization of complex mathematical equations to secure data. Blockchain uses asymmetric cryptography involving a private and a public key to secure transactions taking place between two nodes. When nodes create transactions, a digital signature containing the transaction data and the public key of the sending node is created. This is done to guarantee the integrity of a transaction. This process is called authentication, a process used to determine a node’s integrity on the blockchain network.

After completing the authentication process, the corresponding block/transaction needs to be added to the chain. For a block to be added, Blockchain ensures security by enforcing an authorization algorithm involving the consensus of the majority of participating nodes. Nodes are given incentives to participate in the validation of a transaction or block. Validation of transactions is a major process in the blockchain network, as a failed or improper validation will undermine the chain. To ensure that only legitimate participants (nodes) of equal privilege validate a block, the network presents a complex mathematical equation for nodes to solve. Since this requires high processing resources, fair competition is distributed among participating nodes. Once a block is successfully mined (verified by participating nodes), the block is added to the existing chain. As mentioned earlier, verification is key to ensuring that the blockchain network remains secure. For this reason, most security breaches confronting the Blockchain target the verification process. The term commonly used for the verification process is “mining.” Mining seeks to achieve the following:

1. Permanently add a block (transaction) to the chain without the sole permission of any node

2. Reward coins to miners who spend resources such as electricity to help keep the network secure.


Mining is the process of computing a hash. Miners compete by randomly guessing values that, when plugged into a mathematical equation, result in the corresponding hash presented by the network. Using machines (computers) such as Application-Specific Integrated Circuits (ASICs), the competition to compute a hash begins. Different ASIC machines can have different hash rates. A hash rate determines the number of guesses a machine can make in a given time to solve a problem. Machines with higher hash rates have higher chances of solving the problem. The fact that miners’ hash rates are not equal gives room for a monopoly of the network. Can this lead to insecurity? Imagine an attacker has a hash rate greater than that of the network. This is what the 51% attack is.
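The guessing game described above, as an added toy example that is not part of the original post. It assumes SHA-256, a made-up block layout (`prev_hash|data|nonce`) and a difficulty expressed as leading zero bits; the function names and sample transaction are constructed for illustration.

```python
import hashlib

def block_hash(prev_hash: str, data: str, nonce: int) -> str:
    """SHA-256 over the block contents; the nonce is the value a miner guesses."""
    return hashlib.sha256(f"{prev_hash}|{data}|{nonce}".encode()).hexdigest()

def meets_target(digest: str, difficulty_bits: int) -> bool:
    """A guess wins when the hash, read as a 256-bit number, is below the target
    (equivalently, it starts with difficulty_bits zero bits)."""
    return int(digest, 16) < (1 << (256 - difficulty_bits))

def mine(prev_hash: str, data: str, difficulty_bits: int):
    """Try nonces 0, 1, 2, ... until one wins. Returns (nonce, digest, guesses).
    Real miners pick guesses differently; the odds per guess are the same."""
    nonce = 0
    while True:
        digest = block_hash(prev_hash, data, nonce)
        if meets_target(digest, difficulty_bits):
            return nonce, digest, nonce + 1
        nonce += 1

def verify(prev_hash: str, data: str, nonce: int, difficulty_bits: int) -> bool:
    """Checking a claimed solution costs one hash, however long mining took."""
    return meets_target(block_hash(prev_hash, data, nonce), difficulty_bits)

def expected_seconds(difficulty_bits: int, hash_rate: float) -> float:
    """Average time per block for a machine making hash_rate guesses per second:
    each guess wins with probability 2**-difficulty_bits."""
    return (2 ** difficulty_bits) / hash_rate

if __name__ == "__main__":
    PREV = "00" * 32              # constructed placeholder for the parent hash
    DATA = "alice->bob:5"         # constructed sample transaction
    nonce, digest, guesses = mine(PREV, DATA, 16)
    print(f"nonce={nonce} guesses={guesses} hash={digest[:16]}...")
    print("valid:", verify(PREV, DATA, nonce, 16))
    # Changing the transaction changes the hash, so the old nonce no longer
    # proves any work for the altered block.
    print("tampered block keeps same hash:",
          block_hash(PREV, "alice->bob:500", nonce) == digest)
    for rate in (1e3, 1e6):       # two machines with different hash rates
        print(f"{rate:.0e} H/s -> {expected_seconds(16, rate):.3f} s per block")
```

The last loop shows why unequal hash rates matter: at the same difficulty, the faster machine finds blocks proportionally more often.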

This attack is possible when an attacker takes control of more than 50% of the network’s total hashing power. An attacker who successfully does this can now perform criminal activities such as double spending on the network. Since not all machines engaged in mining have equal hash rates, as mentioned earlier, this attack is possible but not without great cost. Chains of blocks isolated from the real chain are secretly (privately) created by the hacker and later presented to the network for acceptance. Since the PoW algorithm is designed to accept the longest/most recent chain, the chain created by the hacker is then accepted and added to the network as the real chain. Since the attacker has higher hashing power than the overall network, they are positioned to create the longest chain and present it for acceptance. The more a network’s hashing power increases, the more costly and unlikely the 51% attack will become.

Solutions to the 51% attack. Coming soon!

CIS316 MAKEUP/QUIZ

  1. How many records are on the Customer table?
  2. Starting from the 3 indexes, output the first 5 records in the Orders table
  3. From payments, get me the check number of the customer with ID 112
  4. I wish to know how many customers are living in USA or France and have a credit limit of less than 100,000.
  5. How many orders were done on 2003-07-24?
  6. How many customers are recorded in the database?

EXMA506

Today’s (17th May 2022) meeting time: 1 PM

Dear students, please note that we are to meet today at 1 pm to discuss the chapters.

Dear Students, kindly go through chapters 1, 2, 3, and 5. Prepare a concise summary of the chapters and explain the lessons learned from studying them. Kindly note that I will be on ZOOM on Monday at 3 PM for a short review of the chapters. Following the review of the chapters, we will have a mid-term exam date announced. See you at 3 PM on Monday (9th May 2022)

Chapters can be found here: https://drive.google.com/drive/folders/11wrdVFuiP1N7Nrdz_dphOIuUUCRbyS5Y

ZOOM LINK

https://us02web.zoom.us/j/2113160241?pwd=VHBWMm9tUlRYYUFsTEZPYUlDZDNUdz09

PASSWORD: 1111

Case Study: Walmart’s Retail Link Supply Chain

Walmart is a well-known leader in the application of network technology to coordinate its supply chain. Walmart’s supply chain is the secret sauce behind its claim of offering the lowest prices every day. It can make this promise because it has possibly the most efficient B2B supply chain in the world. It does not hurt to be the largest purchaser of consumer goods in the world. With sales of more than $443 billion for the fiscal year ending January 31, 2012, Walmart has been able to use information technology to achieve a decisive cost advantage over competitors. As you might imagine, the world’s largest retailer also has the world’s largest supply chain, with more than 60,000 suppliers worldwide. In the next five years, the company plans to expand from around 5,000 retail stores in the United States (including Sam’s Clubs) to over 5,500 and increase its selection of goods. Internationally, Walmart has over 5,200 additional stores in 26 countries outside the United States, giving it over 10,000 retail units. The rapid expansion in Walmart’s international operations will require an even more capable private industrial network than what is now in place.

In the late 1980s, Walmart developed the beginnings of collaborative commerce using an Electronic Data Interchange (EDI)-based supply-chain management system that required its large suppliers to use Walmart’s proprietary EDI network to respond to orders from Walmart purchasing managers. In 1991, Walmart expanded the capabilities of its EDI-based network by introducing Retail Link. This system connected Walmart’s largest suppliers to Walmart’s own inventory management system, and it required large suppliers to track actual sales by stores and to replenish supplies as dictated by demand and following rules imposed by Walmart. Walmart also introduced financial payment systems that ensure that Walmart does not own the goods until they arrive and are shelved.

In 1997, Walmart moved Retail Link to an extranet that allowed suppliers to directly link over the Internet into Walmart’s inventory management system. In 2000, Walmart hired an outside firm to upgrade Retail Link from being a supply-chain management tool toward a more collaborative forecasting, planning, and replenishment system. Using demand aggregation software provided by Atlas Metaprise Software, Walmart purchasing agents could now aggregate demand from Walmart’s 5,000 separate stores in the United States, into a single RFQ from suppliers. This gives Walmart tremendous influence with even the largest suppliers.

In addition, suppliers can now immediately access information on inventories, purchase orders, invoice status, and sales forecasts, based on 104 weeks of online, real-time, item-level data. The system does not require smaller supplier firms to adopt expensive EDI software solutions. Instead, they can use standard browsers and PCs loaded with free software from Walmart. There are now over 20,000 suppliers—small and large—participating in Walmart’s Retail Link network.

By 2012, Walmart’s B2B supply-chain management system had mastered on a global scale the following capabilities: cross docking, demand planning, forecasting, inventory management, strategic sourcing, and distribution management. The future of Walmart’s SCM lies in business analytics—working smarter—rather than simply making the movement and tracking of goods more efficient. For instance, in 2012 Walmart purchased Quintiq Inc., a supply-chain management tool for improving load assignment and dispatch of trucks for large retailers. Quintiq’s software will enable Walmart’s managers to optimize the loading of its trucks and to reduce the time required to supply its retail stores.

Despite the economic slowdown in 2011–2012, Walmart’s sales grew. In 2011, Walmart’s revenues of $443 billion were up 6.4 percent from 2010, and its net income was $15.77 billion, up from $15.36 billion. In the first half of 2012, sales continued to grow by over 4 percent

BUS306/CIS206 Term Project:

Question:

Investigate any business process applicable in any industry or firm by identifying processes requiring optimization and implement such changes by presenting an updated business process. Please note your investigation must be detailed and your proposed solution explicitly represented in your submission with clear diagrams of the existing and proposed business process.  

You can use this tool to draw diagrams: https://www.draw.io/

Your submission must include the following:

  • Introduction (Brief introduction about the business and its goals)
  • Literature review (Can contain discussion on the strategies of their competitors)
  • Pros and Cons of existing business process
  • Recommendation (BPM or re-engineering)
  • Conclusion

Please note that your submission is not restricted to the above-listed points. You are required to submit your term projects 2 weeks before the final exams.

CIS209: Final Examination Area of Concentration (FALL 2021/2022)

Chapter 5

  1. Transforming a Data Model into a Relational Design
  2. What is Functional dependency
  3. Learn to identify a Determinant
  4. Learn the Boyce-Codd Normal Form (BCNF)

Chapter 6 (Database Administration and Management)

  1. What does Concurrency control seek to achieve?
  2. What is a logical unit of work (LUW)?
  3. Understand and explain the different concurrency issues
  4. Explain how Resource Locking can help prevent concurrency issues
  5. What is the difference between implicit and explicit locks

Chapter 7 (Database Processing in Applications)

  1. Explain triggers and stored procedures
  2. What is the full meaning of the abbreviation API
  3. Mention 2 API interface standards (ODBC and JDBC)

Chapter 7 (Big Data, Data Warehouses, and Business Intelligence Systems)

  1. What is Business intelligence (BI)
  2. The two broad categories of BI systems (Reporting systems and data mining applications)
  3. What is the meaning of ETL (Extract, transform, and load)
  4. What is the difference between a data warehouse and a data mart

Final examination area of concentration (CIS301)

Dear students, kindly focus on the following chapters for your final examination:

Chapter 7: Page Layout Basics
Chapter 8: Table basics
Chapter 9 and 10: Form Basics
Chapter 11: Media Interactivity Basics

Kindly note that according to the school’s timetable, the exam holds this Friday (21st January 2022).

See timetable attached

Spring 2021/2022 Final Examination Timetable for Service courses

Dear Students, kindly see exam schedules for COMP103 and COMP104 below.

Since the examination will be held online, I will post instructions on how the exam will be conducted. Kindly visit eLearning regularly for this update.

Semantic Search: What It Is & Why It Matters for SEO Today

Search engine technology has evolved, making semantic search essential for SEO. Learn what it is, why it matters and how to optimize for it.


Many things have changed since 2010 when SEO was more concerned with getting as many backlinks as you could and including as many keywords as possible.

In 2021, the focus has shifted to understanding intent and behavior, and the context – semantics – behind them.

Today, search engine understanding has evolved, and we’ve changed how we optimize for it as a result. The days of reverse-engineering content that ranks higher are behind us, and identifying keywords is no longer enough.

Now, you need to understand what those keywords mean, provide rich information that contextualizes those keywords, and firmly understand user intent.

These things are vital for SEO in an age of semantic search, where machine learning and natural language processing are helping search engines understand context and consumers better.

In this piece, you’ll learn what semantic search is, why it’s essential for SEO, and how to optimize your content for it.

What Is Semantic Search?

Semantic search describes a search engine’s attempt to generate the most accurate SERP results possible by understanding searcher intent, query context, and the relationship between words.


This is important as:

  • People say things and query things in different ways, languages, and tones.
  • Search queries can be ambiguous in nature.
  • There is a need to understand the relationships between words.

The relationships between entities and personal choice and relationships are also very important.

Google spends lots of money on patents related to this. This works when a user queries something like [top 10 movies of 2021] and Google returns several options/websites for the user to visit.

Bill Slawski explains more in this post.

In layman’s terms, semantic search seeks to understand natural language the way a human would.

For example, if you asked your friend, “What is the largest mammal?” and then followed that question up with “How big is it?” your friend would understand that “it” refers to the largest mammal: a blue whale.

Before 2013, however, search engines wouldn’t understand the context of the second question.

Instead of answering “How big is a blue whale,” Google would seek to match the specific keywords from the phrase “How big is it?” and return webpages with those exact keywords.

Today, you see a different result with a featured snippet and understanding of the context behind the question with extra information.

Interactive Session: People – Monitoring Employees on Networks: Unethical or Good Business?

The Internet has become an extremely valuable business tool, but it’s also a huge distraction for workers on the job. Employees are wasting valuable company time by surfing inappropriate websites (Facebook, shopping, sports, etc.), sending and receiving personal emails, texting friends, and downloading videos and music. According to a survey by International Data Corp (IDC), 30 to 40 percent of Internet access is spent on non-work-related browsing, and a staggering 60 percent of all online purchases are made during working hours. A series of studies have found that employees spend between one and three hours per day at work surfing the web on personal business. A company with 1,000 workers using the Internet could lose up to $35 million in productivity annually from just an hour of daily web surfing by workers. Many companies have begun monitoring employee use of email and the Internet, sometimes without their knowledge. Many tools are now available for this purpose, including Spector CNE Investigator, Os Monitor, IMonitor, Work Examiner, Mobistealth, and Spytech. These products enable companies to record online searches, monitor file downloads and uploads, record keystrokes, keep tabs on emails, create transcripts of chats, or take certain screenshots of images displayed on computer screens. Instant messaging, text messaging, and social media monitoring are also increasing. Although U.S. companies have the legal right to monitor employee Internet and email activity while they are at work, is such monitoring unethical, or is it simply good business? Managers worry about the loss of time and employee productivity when employees are focusing on personal rather than company business. Too much time on personal business translates into lost revenue. Some employees may even be billing time they spend pursuing personal interests online to clients, thus overcharging them.
If personal traffic on company networks is too high, it can also clog the company’s network so that legitimate business work cannot be performed. GMI Insurance Services, which serves the U.S. transportation industry, found that employees were downloading a great deal of music and streaming video and storing them on company servers. GMI’s server backup space was being eaten up. When employees use email or the web (including social networks) at employer facilities or with employer equipment, anything they do, including anything illegal, carries the company’s name. Therefore, the employer can be traced and held liable. Management in many firms fears that racist, sexually explicit, or other potentially offensive material accessed or traded by their employees could result in adverse publicity and even lawsuits for the firm. Even if the company is found not to be liable, responding to lawsuits could run up huge legal bills. Companies also fear leakage of confidential information and trade secrets through email or social networks. Another survey conducted by the American Management Association and the ePolicy Institute found that 14 percent of the employees polled admitted they had sent confidential or potentially embarrassing company emails to outsiders. U.S. companies have the legal right to monitor what employees are doing with company equipment during business hours. The question is whether electronic surveillance is an appropriate tool for maintaining an efficient and positive workplace. Some companies try to ban all personal activities on corporate networks – zero tolerance. Others block employee access to specific websites or social sites, closely monitor email messages, or limit personal time on the web.

1. Should managers monitor employee email and Internet usage? Why or why not?

2. Describe an effective email and web use policy for a company.

3. Should managers inform employees that their web behavior is being monitored? Or should managers monitor secretly? Why or why not?